Authenticate

Authentication is in OAuth2 mode. You must have a technical account to access the Merchant Back Office.

1. Sign in to the Merchant Back Office with your own login details.
2. At the top right of the screen, open the drop-down menu under your name, and click Settings.
3. Click on the API Key tab to retrieve your keys for the test and production environments.
   
4. To generate an access token, make a request POST request to the following address:

   https://account.lyra.com/auth/realms/marketplace/protocol/openid-connect/token

   This is the same address for both environments.

5. Use the following parameters in format application/x-www-form-urlencoded :
   • grant_type:client_credentials
   • client_id:<CLIENT_ID>
   • client_secret:<CLIENT_SECRET>
   
6. You can now create a query to retrieve the information from your test marketplace. To do so:
   • Copy the authentication token (access_token) into the Authorization header: Bearer {access_token}
   • Send your request to the environment address

     https://secure.lyra.om/marketplace-test/v1/marketplaces/{marketplace_uuid}

     Example:

     https://secure.lyra.com/marketplace-test/v1/marketplaces/57595c55-b096-41d8-9287-b98640de3f25

    The authentication token has a lifetime of 5 minutes, and note that the refresh token is not used in the marketplace.

   You must set up a method for retrieving a new token at no more than every 300 seconds (see PHP example below).

   A request submitted with an expired authentication token will be rejected with an HTTP 307 code.

   Example of obtaining the authentication token in PHP

   <?php
   require 'vendor/autoload.php';
   use GuzzleHttp\Client;
   $MARKETPLACE_UUID = "57595c55-b096-41d8-9287-b98640de3f25";
   $USERNAME = 'ksparkles';
   $CLIENT_ID = $USERNAME."_".$MARKETPLACE_UUID;
   $CLIENT_SECRET = "e0d999f6-01d8-4ef9-8f9b-0fc5fa08f1a5";
   $AUTH_URL = "https://account.lyra.com/auth/realms/marketplace/protocol/openid-connect/";
   $API_URL = "https://secure.lyra.com/marketplace-test/v1/";
   session_start();
   function getAccessToken() {
       global $AUTH_URL, $CLIENT_ID, $CLIENT_SECRET;
       $expire_next = $_SESSION['expires_next'];
       if (!$_SESSION['token'] || !$expire_next || time() >= $expire_next - 2) {
           $client = new Client(["base_uri" => $AUTH_URL]);
           $response = $client->request('POST', 'token',
               ['form_params' => [
                   'grant_type' => 'client_credentials',
                   'client_id' => $CLIENT_ID,
                   'client_secret' => $CLIENT_SECRET
               ]]
           );
           $body = $response->getBody();
           $data = json_decode($body->getContents());
           $_SESSION['token'] = $data->access_token;
           $_SESSION['expires_next']= time() + $data->expires_in;
       }
       return $_SESSION['token'];
   }
   function getMarketplaceDetails() {
       global $API_URL, $MARKETPLACE_UUID;
       $token = getAccessToken();
       $client = new Client(["base_uri" => $API_URL]);
       $response = $client->request('GET', "marketplaces/$MARKETPLACE_UUID",
           ['headers' => ['Authorization' => "Bearer $token"]]
       );
       $body = $response->getBody();
       return $body->getContents();
   }
   echo getMarketplaceDetails();