Bizao allows you also to authenticate your end-user in implicit mode.
The Bizao platform will notify you on your CallBack URL with the specific
For each targeted countries, you have to use a dedicated redirection URL in required format.
List of redirection URL by country
Format of CallBack parameter:
- The CallBack parameter must contain your URL in encoded format (you can use this site to encode your URL: https://www.urlencoder.org/)
- For security reasons this URL should be in https (port 443)
- This URL will be used by Bizao to push you user’s credentials (
BIZAO_ALIAS) as Headers using a
- If you receive these credentials in encoded format, you will have to decode it before use.
- If you add some correlation parameters within your CallBack URL, Bizao will forward these parameters to your CallBack
- Any data sent back by your CallBack URL (response body for example) will be encoded in base64
Before testing the 3G/4G authentication flow (HE) please ensure that:
- Your Internet connection is made through a 3G/4G SIM Card connected to the local network
- You are getting proper mobile network
- You are not connected to Wifi network
- Your mobile data is switched on
Below a sample of complete 3G-redirection-URL:
Explanations using PHP
1- End-user redirection for authentication
$yourCallback = urlencode('yourCallBackUrl'); Header(“Location: http://waaat.orange.ci/BIZAO/?CallBack=$yourCallback”);
Please note that the waaat.orange backend has been updated on the 18th of March 2019.
Previous behaviour in case of HE failure:
401 responsegenerated900902 Missing Credentials Required OAuth credentials not provided. Make sure your API invocation call has a header: "Authorization: Bearer ACCESS_TOKEN"
New behaviour in case of HE failure:
In Ivory Coast
Same behaviour. No redirection made to your callback url.
In other countries
Your callback url is called but the bizao-token and the bizao-alias are not provided.
2- Your callback’s response
How to test your callback url ?
The request below will allow you to test your callback url by simulating a successfull HE.
- CallBack parameter:
your encoded callback url
Your query will contain the Headers below:
curl -X GET\ https://api.bizao.com/auth/v1/3g/sp/notify?Callback=https%3A%2F%2FMyDomain%2FMyHomePage%3FCorrelationID%3Dxxxxxx \ -H 'authorization: Bearer YOUR_ACCESS_TOKEN' \ -H 'orangeapitoken: BIZAO_TOKEN' \ -H 'x-orange-ise2: BIZAO_ALIAS' \