# Overview

You exchange these credentials for an access token that authorizes your REST API calls. To test your web and mobile apps, you create sandbox accounts

Logging into the [Smart Platform](https://app.smartfastpay.com) to get credentials and create sandbox accounts requires a developer, support, or admin account. Each account provides different levels of access to API functionality.

<table><thead><tr><th width="251">Capabilities</th><th width="179" align="center">Developer Account</th><th width="167" align="center">Support Account</th><th align="center">Admin Account</th></tr></thead><tbody><tr><td>Access Smart Platform</td><td align="center"><strong>x</strong></td><td align="center"><strong>x</strong></td><td align="center"><strong>x</strong></td></tr><tr><td>Customize Payment Page</td><td align="center"><strong>x</strong></td><td align="center"></td><td align="center"><strong>x</strong></td></tr><tr><td>Create New Users</td><td align="center"></td><td align="center"></td><td align="center"><strong>x</strong></td></tr><tr><td>Create Credentials</td><td align="center"></td><td align="center"></td><td align="center"><strong>x</strong></td></tr><tr><td>Manage Transactions (Just on Sandbox Env.)</td><td align="center"><strong>x</strong></td><td align="center"></td><td align="center"><strong>x</strong></td></tr><tr><td>Generate Reports</td><td align="center"></td><td align="center"><strong>x</strong></td><td align="center"><strong>x</strong></td></tr></tbody></table>

***

### Get credentials

To generate REST API credentials for the sandbox and live environments:

1. Log in to the Smart Platform with your account.
2. Under the **MANAGEMENT** menu, select **Credentials**.
3. Remember to write down the chosen client\_secret, once saved, there is no way to recover it, you will need to create a new one.

***

### Get an access token

Your access token authorizes you to use the SmartFastPay REST API server. To call a REST API in your integration, exchange your client ID and secret for an access token in an OAuth 2.0 token call. While there are a few ways to get a token, here are examples using both the Postman app and a cURL command.

Your own environment's HTTP library or function may have <mark style="color:red;">`username`</mark> and <mark style="color:red;">`password`</mark> fields or an `auth` parameter in which you pass your client ID and secret. You can also add your Base64 encoded client ID and secret in an <mark style="color:red;">`Authorization: Basic`</mark> header.<br>

***

### Make REST API calls

In REST API calls, include the URL to the API service for the environment:

* Sandbox: <mark style="color:red;">`https://sandbox.smartfastpay.com`</mark>
* Live: <mark style="color:red;">`https://api.smartfastpay.com`</mark>

Also, include your access token to prove your identity and access protected resources.

This sample call, which shows the Transaction creates, includes a bearer token in the Authorization request header. This type of token lets you complete an action on behalf of a resource owner.

```bash
curl -v --location --request POST 'https://sandbox.smartfastpay.com/transaction/checkout' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Bearer <Access-Token>' \
    --data-raw '{
        "customer_id": "58f0c005-3b7d-4c75-81f3-93b9a6fee864",
        "branch": "Office 2",
        "name": "Richard Roe",
        "amount": 4300,
        "currency": "USD",
        "callback": "http://mysite.com/api/notification",
        "transaction": {
            "id": "b08e3897-6505-4bb4-81a5-6e3a1d29e277",
            "redirect": {
                "url": "http://mysite.com/success_payment",
                "type": "URL"
            }
        }
    }'
```

The response shows the page or url, choosed by redirect type:

```json
{
    "requestId": "73eaaecf-1bf4-4847-b4a9-8c615e891e1b",
    "data": {
        "url": "https://sandbox.smartfastpay.com/checkout/v1/f834fc1b-c8a0-4613-bcc9-2c188f6ef180",
        "transaction_id": "f834fc1b-c8a0-4613-bcc9-2c188f6ef180"
    }
}
```