API Overview
- Auth API
- Underwriting API
- Portal
- Prospect Adobe
- Prospect Document
- Prospect Dropbox Files
- Prospect Entities
- Prospect Extras
- Prospect Generate PDF
- Prospect Integration
- Prospect Logs
- Prospect Messages
- Prospect Ofac Search
- Prospect Plaid Email
- Prospect Resellers
- Prospects
- Prospect Scores
- Prospect Scores Average Bank Balance
- Prospect Scores Business Types
- Prospect Scores Equifax Owner Credit
- Prospect Scores Tax Id
- Prospects Scores Average Bank Balances Plaid Transaction
- Prospect Status
- Process API
- Main API
- API Onboarding Tutorial
- Verify API
Tokens - Process API
Tokens APIs allow you to perform the activities related to tokens groups operations.
The Tokens - Process APIs' end points and their functionalities are given below:
|
API End Point
|
API Functionality
|
|
GET /GetAllCreditCardTokenListbyDate
|
Get All Credit Card Tokens by merchant, Start and End Date
|
|
GET /GetAllExpiredCreditCardTokens
|
Get All Expired Credit Card Tokens
|
|
GET /GetCheckToken
|
Returns Check token details
|
|
GET /GetCheckTokenList
|
Get All Check Tokens by merchant site identifier
|
|
GET /GetCreditCardToken
|
Returns the credit card token
|
|
GET /GetCreditCardTokenList
|
Get All Credit Card Token by merchant site identifier
|
|
GET /GetCustomerTokens
|
Get All Customer Tokens by site Id
|
|
GET /GetCustomerTokensByType
|
Get All Customer Tokens by site Id
|
|
GET /GetExpiredCreditCardTokens
|
Get Expired Credit Card Tokens by Merchant
|
|
GET /GetRtpToken
|
Returns Rtp token details
|
|
GET /GetRtpTokenList
|
Get All Rtp Tokens by merchant site identifier
|
|
POST /SaveCheckToken
|
Creates a new Check Token
|
|
POST /SaveCreditCardToken
|
Creates a new Credit Card Token
|
|
POST /SaveRtpToken
|
Creates a new Rtp Token
|
|
POST /TokenizeDDAOnly
|
Creates a new token for a Demand Deposit Account (DDA)
|
|
POST /TokenizePANOnly
|
Creates a new token associated with an entity’s Personal Account Number (PAN)
|
|
PUT /UpdateCheckToken
|
Update a Check Token
|
|
PUT /UpdateCreditCardToken
|
Update Credit Card Token
|
|
PUT /UpdateRtpToken
|
Update a Rtp Token
|
|
DELETE /DeleteCheckToken
|
Deletes a Check Token
|
|
DELETE /DeleteCreditCardToken
|
Deletes a credit card token
|
|
DELETE /DeleteRtpToken
|
Deletes a Rtp Token
|
iCG Authentication Service
iCG APIs are secured by OAuth 2.0 ROPC grant type. The external application must obtain user authorization before it executes an endpoint call incase this API chooses to use OAuth 2.0 ROPC Grant. This authorization includes the following steps:
- You must first exchange the user's credentials for an access token.
- The access token is an object containing information for authorizing client requests and refreshing the token itself.
The end-to-end authorization request is represented in the below diagram.
sequenceDiagram
participant Merchant
participant ICG (token URL)
autonumber
Merchant ->>ICG (token URL): Client ID, username, password
ICG (token URL)->>Merchant: id_token, access token, refresh token
The above step is to generate access token using the iCG provided Client id and with Merchant's user credentials.
Key Request Parameters
Once you receive the Client ID, and the user credentials, the next step is call the OAuth 2.0 ROPC endpoint to generate the access token.
| Element | Value |
| Method | POST |
| Authorization Type | OAuth 2.0 ROPC |
| Auth URI | https://auth.icheckdev.com/ |
| Client ID | *****(iCG application audience ID) |
| Username | {username} |
| Password | {password} |
| grant_type | password |
Sample cURL Request
curl -X POST \
--url 'https://auth.icheckdev.com/Login' \
--header 'Accept: application/json' \
--data 'grant_type=password' \
--data 'username={USERNAME}' \
--data 'password={PASSWORD}' \
--data 'client_id={iCG APPLICATION AUDIENCE ID}' \
On receiving the requests, iCG Authorization system validates all the parameters in the request and, if the request pass through the validation process, then it will generate your access token and return it in the response.
Sample Response Body
{
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiJjNjFhY2JhYy02NjA4LTQ3Y2YtYWIxOS0wZWQ2YmY3NTI5MTciLCJ1bmlxdWVfbmFtZSI6IlN1c2VlbGEiLCJlbmNyeXB0ZWRfZW1haWwiOiJGcGJnZ1RqbTNkbXl2cFlWVlVZNnJzcHBDKzcweFIwWGoyeTR1Mm8rc1ZRPSIsInR5cGUiOiIiLCJpc3MiOiJodHRwczovL2F1dGguaWNoZWNrZGV2LmNvbS8iLCJhdWQiOiJmMWZhN2ZmZi05MmU0LTQxMzMtOGQxMC0zNjg2OGM0OTg3YWQiLCJleHAiOjE3MDQ5MDY1MjAsIm5iZiI6MTcwNDgyMDEyMH0.Q03E-HrXto9CBzHcC43qn2wZG5VpUV4hzIfcCuRGWu4"
"token_type":"bearer"
"expires_in":86399
}
The response parameters and their descriptions are:
| Parameter | Description |
| access_token | The access token to be used to call the functional APIs |
| token_type | Bearer |
| expires_in | The number of seconds until the access token expires |
. To view our list of APIs, please visit the Process API page.