1Authentication
All requests to the SaligPay API require authentication using OAuth 2.0. You must first obtain an access token which is then used in subsequent API calls.
Authentication Endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/oauth/authenticate | POST | Get a new access token and refresh token |
| /api/oauth/jwt/refresh | POST | Refresh an expired access token |
| /api/oauth/jwt/validate/access | POST | Validate an access token |
Authenticate and Get Access Token
To authenticate and obtain an access token, make a POST request to the authentication endpoint with your client credentials.
RequestPOST /api/oauth/authenticate
// Authentication request
const response = await axios.post(
'https://apisaligpay.microsource.com.ph/api/oauth/authenticate',
{
clientId: "your_client_id",
clientSecret: "your_client_secret",
},
{
headers: {
"Content-Type": "application/json",
},
}
);
// Sample response structure
{
"success": true,
"data": {
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"token_type": "Bearer"
}
}Token Management Utility
For efficient token management, we recommend implementing a utility that handles token storage, refreshing, and validation:
Token Management Utility
// Token management utility
class SaligPayAuth {
private static instance: SaligPayAuth;
private accessToken: string | null = null;
private refreshToken: string | null = null;
private expiresAt: number = 0;
private constructor() {}
public static getInstance(): SaligPayAuth {
if (!SaligPayAuth.instance) {
SaligPayAuth.instance = new SaligPayAuth();
}
return SaligPayAuth.instance;
}
async authenticate(clientId: string, clientSecret: string): Promise<string> {
try {
const response = await axios.post(
'https://apisaligpay.microsource.com.ph/api/oauth/authenticate',
{ clientId, clientSecret }
);
const { access_token, refresh_token, expires_in } = response.data.data;
this.accessToken = access_token;
this.refreshToken = refresh_token;
this.expiresAt = Date.now() + expires_in * 1000;
return this.accessToken;
} catch (error) {
console.error('Authentication failed:', error);
throw error;
}
}
async getValidToken(): Promise<string> {
// If token expired or about to expire in next 5 minutes, refresh it
if (!this.accessToken || Date.now() > this.expiresAt - 300000) {
await this.refreshAccessToken();
}
return this.accessToken!;
}
private async refreshAccessToken(): Promise<void> {
if (!this.refreshToken) {
throw new Error('No refresh token available');
}
try {
const response = await axios.post(
'https://apisaligpay.microsource.com.ph/api/oauth/jwt/refresh',
{ refreshToken: this.refreshToken }
);
const { access_token, refresh_token, expires_in } = response.data.data;
this.accessToken = access_token;
this.refreshToken = refresh_token;
this.expiresAt = Date.now() + expires_in * 1000;
} catch (error) {
console.error('Token refresh failed:', error);
throw error;
}
}
}Security Notes:
• Always keep your client credentials secure and never expose them in client-side code.
• Store tokens securely and implement proper token refresh logic to handle expiration.