OAuth access tokens are requested internally by OAuth-based methods. The current SDK does not expose or cache a reusable token manager for application code. Cloud Terminal tokens are returned to you explicitly so you can reuse them until
expires_in.Credential Types
VivaWallet uses two authentication mechanisms depending on the endpoint group: 1. OAuth 2.0 — Client ID + Client Secret Used for SmartCheckout, Acquiring, ISV, Marketplace, Data Services, and POS calls. The SDK exchanges your Client ID and Client Secret for a short-lived Bearer token viaPOST /connect/token when an OAuth-based method runs.
2. Viva Basic Auth — Merchant ID + API Key
Used for legacy and payment-source endpoints. The SDK base64-encodes your Merchant ID and API Key and sends them as an HTTP Basic Authorization header on each relevant request.
Some ISV endpoints use a reseller-specific Basic Auth variant. For those calls, the username is composed from the Reseller ID and the target merchant ID.
Demo vs Production
Passdev: true in the client constructor to route API calls through VivaWallet demo endpoints:
dev: true; live credentials and demo credentials are separate.
Vivawallet Client Credentials
Instantiate the standardVivawallet client with merchant OAuth credentials and merchant Basic Auth credentials:
Optional setup fields:
ISV Client Credentials
TheVivaISV client is used by resellers managing connected merchant accounts. It requires ISV OAuth credentials at minimum:
Authorization header to encode Username = Reseller ID:Merchant ID and Password = Reseller API Key. The target merchant ID is passed per method because it identifies the merchant account being acted upon:
Marketplace Client Credentials
Instantiate theMarketplace client with your platform merchant account’s OAuth and Basic Auth credentials. These are the credentials for your marketplace operator account, not for individual sellers:
Marketplace client uses platform OAuth credentials for Marketplace, Checkout, and Acquiring API calls, while keeping merchant credentials available for Basic Auth helpers such as payment sources and webhooks.
Storing Credentials Securely
Always load credentials from environment variables rather than writing them directly into your source code. A.env file excluded from version control, or your deployment platform’s secret manager, is the right place to store them:
.env file to match:
.env
Where to Find Your Credentials
All credentials are available in your VivaWallet merchant dashboard:- Client ID and Client Secret — Go to Settings → API Access → OAuth 2.0 Credentials and create the relevant application for your integration.
- Merchant ID and API Key — Go to Settings → API Access. Your Merchant ID and API Key are shown under the Basic Authentication section.
- ISV Client ID and Client Secret — Available in the ISV Partner Portal under your ISV application settings.
- Reseller ID and Reseller API Key — Provided by VivaWallet when your reseller account is activated in the ISV program.