Frequently Asked Questions

• General
• Authentication
• Tokens

General

• What is the TradeSafe API endpoint for testing/production?
• What currencies are supported?
• What are the available payment intervals?
• How do I process credit card transactions in a dev environment?

What is the TradeSafe API endpoint for testing/production?

SIT/Testing URL: https://api-developer.tradesafe.dev/graphql

Production URL: https://api.tradesafe.co.za/graphql

Authentication URL (OAuth 2): https://auth.tradesafe.co.za/oauth/token

What currencies are supported?

Currently, the only supported currency is South African Rand (ZAR).

What are the available payment intervals?

Payment intervals are same day, next day, weekly, bimonthly and monthly.

How do I process credit card transactions in a dev environment?

A list of credit card numbers are available for testing. You can view them on the Sandbox Test Cards Page.

Authentication

• How do we initiate authentication request?
• Is the application token required an all request headers going forward?
• How long does the generated token live for?
• Can multiple tokens exist together or is one deprecated as soon as we generate another?
• Are my users required to have a token to use the API?

How do we initiate authentication request?

Authentication is done by requesting and OAuth token using the Client Credentials grant type. See Authentication for more information.

Is the application token required an all request headers going forward?

Yes, the OAuth token needs to be included with all requests to the API using the authentication header. See example below.

Authorization: Bearer ABC...XYZ

How long does the generated token live for?

The OAuth token is valid for 1 hour (60 minutes).

Can multiple tokens exist together or is one deprecated as soon as we generate another?

Once a token is generated it is valid for its lifetime. Multiple tokens can be generated however we recommend the token be cached and reused to avoid unnecessary requests.

Are my users required to have a token to use the API?

Users do not need to have an OAuth token. This should not be confused with a TradeSafe token which is the tokenized data of a user. See the Tokens section for more information.

Tokens

• What is the differance between an OAuth Token and a TradeSafe Token?
• What details are required to create a token?
• Can the baking details in a token be updated?

What is the differance between an OAuth Token and a TradeSafe Token?

An OAuth token is used for authentication. It is used for secure communication between your application and our API.

A TradeSafe Token is created using the API after authentication and includes a users details (e.g. Name, Email, Mobile ...) and optionally their Organization if applicable and optionally their banking details if needed. We will give you a unique ID that you can link to a user account to retrieve this data without you needing to store it in your application.

What details are required to create a token?

For all users their name, email, mobile, ID/passport number are required.

Optionally if they represent an organization the business name, registration number and tax number can be included.

Any users/parties receiving money (Agents, Seller, Beneficiaries) are required to provide their banking details. For buyers this is only required in the event of a refund.

Can the baking details in a token be updated?

Banking details are set once they cannot be changed. A new token will be required. Any active transactions will use the old token, you will need to contact us if a transaction needs to be updated.