Generate a new ephemeral token

const url = 'https://api-pse.gnosispay.com/api/v1/ephemeral-token';
const options = {method: 'POST', body: undefined};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

{
  "data": {
    "token": "8356ea2b8e7f1d49c2e5f8a76b91c02a3d4f7e10a2c5b9d8e1f4a7c0b3d5e2f",
    "expiresAt": "2024-02-07T12:34:56Z"
  }
}

Endpoints

Generate a new ephemeral token

Generates a new ephemeral token for secure PCI operations.

Ephemeral tokens are single-use tokens with a short lifespan (60 seconds) that are used to authorize sensitive PCI operations like retrieving card details or setting a PIN.

This endpoint requires mTLS (Mutual TLS) authentication using a valid client certificate.

The client certificate must be issued by a trusted Certificate Authority and contain valid partner identifier in its subject.

mTLS Requirements

Certificate must be issued by a trusted Certificate Authority
Certificate must contain a valid partner app ID in the CN (Common Name) field
Certificate must be valid and not expired
Certificate must be presented during the TLS handshake

Example certificate subject format:

CN=gp_f1a9b6c741c94510bb3b27f2e8379e29,C=US

Testing the Endpoint

Due to browser limitations, this endpoint cannot be tested directly in Swagger UI. Use one of the following methods:

Using cURL

curl -X POST --cert client.crt --key client.key https://${{AUTHENTICATED_PSE_API_URL}}/api/v1/ephemeral-token

Certificate and Key Format Requirements:

Certificate file (.crt/.pem) and Private key file (.key/.pem): both must be in PEM format

Example certificate format:

-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2oCiwYwDQYJKoZIhvcNAQELBQAw
... (base64 encoded certificate data) ...
-----END CERTIFICATE-----

Example private key format:

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7VJTUt9Us8cKB
... (base64 encoded private key data) ...
-----END PRIVATE KEY-----

Important Notes:

Ensure certificate and key files have proper line endings
Certificate and key files should be readable by the client application
The private key must correspond to the certificate being used
Certificate must be valid and not expired

Using Postman

Go to Settings > Certificates
Add your client certificate and private key
Make sure to select the certificate for the correct host

Using Node.js

import https from "https";

const httpsAgent = new https.Agent({
  cert: CERT,
  key: KEY,
  rejectUnauthorized: true,
});

const req = https.request(
  {
    hostname: "api-pse.gnosispay.com",
    path: "/api/v1/ephemeral-token",
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "User-Agent": "User-Client/1.0.0",
    },
    agent: httpsAgent,
  },
  (res) => {
    let data = "";
    res.on("data", (chunk) => {
      data += chunk;
    });

    res.on("end", () => {
      console.log("Status:", res.statusCode);

      try {
        const parsedData = JSON.parse(data);
        console.log("Response:", parsedData);
      } catch {
        console.log("Raw response:", data);
      }
    });
  },
);

req.on("error", (error) => {
  console.error("Request error:", error);
});
req.end();

POST

api

ephemeral-token

Generate a new ephemeral token

const url = 'https://api-pse.gnosispay.com/api/v1/ephemeral-token';
const options = {method: 'POST', body: undefined};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

{
  "data": {
    "token": "8356ea2b8e7f1d49c2e5f8a76b91c02a3d4f7e10a2c5b9d8e1f4a7c0b3d5e2f",
    "expiresAt": "2024-02-07T12:34:56Z"
  }
}

Response

200

application/json

Ephemeral token generated successfully

The response is of type object.

Get the User profile

Authentication

API reference

PSE API

Generate a new ephemeral token

mTLS Requirements

Testing the Endpoint

Using cURL

Using Postman

Using Node.js

Response