Authorizing our Web Server with Poynt

cbeeson · October 14, 2016, 5:41pm

We have developed a Poynt App that runs on the Android / Poynt terminal. This app connects, via the web, to our online services.

In the past, we’ve used Poynt’s Auth Token to authorize the Merchant into our site. It seems things have changed a lot since we last worked on this app and now Poynt rejects our authorization attempts.

We used to add the token to the end of url.and get a response which meant the Merchant was valid.

But now we get an exception as the connection is dropped, this seems to mean that our method no longer works.

We have tried using the header values (Authorization, Bearer, etc) to no avail.

Is this even still possible? If so, is there a link where we can see an example if this kind of authorization?

Thank You,
Carl

dennis · October 15, 2016, 12:41am

Carl, can you email me the details?

cbeeson · October 19, 2016, 6:16pm

We got it fixed. We had to enforce the TLS 1.2 Protocol in order to connect to services.poynt.net. This must have changed since we stopped working on the project months ago.

For anyone using c# to connect to services.poynt.net, here is the code to set TLS 1.2:

System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)3072;

Be sure that your host / server has TLS 1.2 enabled.

dennis · November 22, 2016, 3:25am

Hi Carl,

Sorry for the delay responding on the forum.

Here’s what you can do to authenticate the calls from the terminal to your cloud.
Create a token on the terminal using IPoyntTokenService and send it in the Authorization header to your cloud:

“Authorization: Bearer {token}”

On your server, you can verify token’s signature (see http://bit.ly/2gwIYdC). The JWT will contain business id, deviceId and other values that you can use for authenticate the call.