The Grant API uses OAuth to connect a granting Braintree merchant and a receiving Braintree merchant.
Once the recipient goes through these flows and consents to receiving granted payment methods, the grantor will receive an
access_token. This token contains encoded information about the recipient, information to the Grant API connection, and the actions the grantor can take on the recipient's behalf.
To use the Grant API with the recipient, the
access_token must include the right to grant payment methods to that merchant. When setting the
connect_url, the grantor must include the OAuth scope
The recipient can search for any transactions they've created using granted payment methods, but in order for the grantor to access this data, the
access_token must include the right to search facilitated transactions. As the grantor, be sure to include the OAuth scope
read_facilitated_transactions, in addition to
grant_payment_method, when setting the
The grantor can also choose to view metrics on facilitated transactions by including the
view_facilitated_transaction_metrics OAuth scope. This is less permissive than
read_facilitated_transactions and allows the grantor to read reports on the number and volume of facilitated transactions. More information on Grant API reporting can be found in our support articles.