Tyro Health SDK setup
There is a three-step process to get you started with the Tyro Health SDK:
1)
2)
3)
1)Set up the transaction SDK
Requirements:
| Requirement | Notes |
|---|---|
| API KEY | An API Key grants you access to a business and all related providers resources. API Keys can only be created by a business admin. How to obtain an API Key: Once the admin is logged into the Tyro Health Online portal 1. Go to ‘Business settings’ and navigate to the ‘API keys’ tab, 2. Select ‘Generate a new key’ and the API Key will be displayed. |
| App ID | This is your Tyro Health unique Identifier. Issued by our partner integration team. Please contact healthpartnerships@tyro.com |
| App Version | This is typically aligned to your software release version. Used for debug and support efforts. This value is determined by you. |
Note: The Business Admin API key carries many privileges and should remain secret and not exposed to end users or on client-side code.
Environments
Tyro Health has to two environments for partner integration:
- Non- Prod/ testing environment (stg):This represents a production like environment but uses test account details and stubs to simulate responses from funders. It is also recommended that you set the Environment to staging when testing the SDK in development.
- Production (prod): Tyro Health production environment.
Domain whitelist
For security purposes, Tyro Health Online must whitelist your origin domain names. To add your domains to our content security policy, please contact healthpartnerships@tyro.com or reach out to your partner manager.
Allowlist requests must be submitted by Monday for activation on Thursday during our weekly release cycle. Please plan ahead to avoid delays.
Warning
Until partners domains are registered, you will get a CORS error for any unregistered originating domains.
Installation
There are two options to install theTyro Health transaction SDK:
Note: If you intend to use the SDK as a JavaScript module you will need to install the NPM/Yarn package. If you will be using the SDK with a
<script>tag or other URL direction method then you will need to install the unpkg.com version.
Option 1:Installation via NPM/Yarn
npm install @medipass/partner-sdk
// or, with yarn:
yarn add @medipass/partner-sdkOr
Option 2:Download the SDK via unpkg.com
https://unpkg.com/@medipass/partner-sdk@1.10.1/umd/@medipass/partner-sdk.min.js
Using the JavaScript Module
import medipassSDK from '@medipass/partner-sdk';
// or: const medipassSDK = require('@medipass/partner-sdk');
medipassSDK.setConfig({
env: 'stg',
apiKey: '[insert your API key here]',
appId: '[insert your App ID here]',
appVersion: '[insert your App version here]'
});
medipassSDK.renderCreateTransaction({}, {
onSuccess: function (transaction) {
// handle successful submission of transaction
},
onError: function (error) {
// handle errored submission of transaction
},
onCancel: function () {
// handle when create transaction flow has been cancelled
}
});Using a <script> tag
<html>
<head>
<script src="https://unpkg.com/@medipass/partner-sdk@1.10.1/umd/@medipass/partner-sdk.min.js"></script>
</head>
<body>
<script>
MedipassTransactionSDK.setConfig({
env: 'stg',
apiKey: '[insert your API key here]',
appId: '[insert your App ID here]',
appVersion: '[insert App version key here]'
});
MedipassTransactionSDK.renderCreateTransaction({}, {
onSuccess: data => {
// handle success
},
onError: data => {
// handle error
},
onCancel: () => {
// handle cancel
}
});
</script>
</body>
</html>Short-lived SDK token
In order to mitigate potential risks of unauthorised API keys, Tyro Health provides the option of a short-lived SDK authentication token.
To use the short-lived token you will need to follow the below three step process:
- On your server-side, use the Business Admin API key to call:
Resource <base-url>/v3/auth/token
Where base-url:
Staging: stg-api-au.medipass.io
Required headers
-
authorization:
Bearer <Business_Admin_API_key> -
x-appid: your App ID
Payload
{
"audience": "aud:business-sdk",
"expiresIn": "1h" // e.g. 30m, 1h, 6h, 24h. Defaults to 1h, max is 24h.
}- The response will contain a short-lived token that is restricted to SDK features. For example, it can't be used to generate more tokens, update business details or create other users in a business.
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2ZXIiOjEsImlhdCI6MTU5Mzc1NzI1MCwiZXhwIjoxNTkzNzYwODUwLCJhdWQiOiJhdWQ6YnVzaW5lc3Mtc2RrIiwic3ViIjoiNTc0M2NiNWI1YjI0Y2MxNDAwOTk5MTcwIiwianRpIjoiNVctZDZLIn0.YbbogFjmk7-BT15aY7vqHfFcXpH5Smr9LT96hHUjlWQ"
}- Return this token to your portal, and use it for the SDK apiKey field.