Customer API

(FOR UAT ONLY)

Get UAT credentials and test data from GCash

Environment credentials:

• client_id

• client_secret

• AES key

Test data:

• Mobile telephone number (mobtel)

• MPIN

• OTP

Request bearer token

POST https://access.lab.mynt.xyz/gconnect/oauth2/token

1. Add client_id, client_secret, grant_type under Body
2. Key value pairs must be in x-www-form-urlencoded
3. Set grant_type to client_credentials
4. Copy generated access_token

Proceed to customer login and consent screens

GET https://access.lab.mynt.xyz/gconnect/customer/login

1. Add callbackUrl, sessionToken, under Params
2. callbackURL must start with https://
3. i.e https://www.google.com
4. Add access_token under Authorization, type set to Bearer Token
5. Add client_id, X-Tracker under Headers
6. X-Tracker can be any alphanumeric value
7. Send GET request
8. Open Postman Console
9. Copy entire https://uat.m.gcash.com/… link at the bottom
10. Open link in browser
11. Use test data provided
12. Provide consent

Decrypt customer data

1. Copy the response body after the redirect
2. Copy the _encrypted_data _value - this is the user's Encrypted Data
3. Copy the iv value - this is the Initialization Vector
4. Use a decrypting service (i.e https://string-o-matic.com/aes-decrypt)
5. Use Base64, key size 256
6. Add AES key, IV
7. Customer data has now been decrypted!

Important links:

Bearer token

https://access.lab.mynt.xyz/gconnect/oauth2/token

Customer login

https://access.lab.mynt.xyz/gconnect/customer/login

Base64 decode tool

https://www.base64decode.org/

AES decrypt tool

https://string-o-matic.com/aes-decrypt