Credential Management
Overview
Transpeye integrates with several third-party services to receive transaction data and communicate with external platforms. These integrations require credentials — API keys, OAuth tokens, or refresh tokens — that must be stored securely within the platform and kept up to date.
Super Admin users are responsible for managing these credentials. This guide covers the three credential types currently managed within Transpeye:
| Integration | Credential Type | Management URL |
|---|---|---|
| Lavu | API Key and API Secret | /update_lavu_credentials |
| Vend | OAuth token | /update_vend_credentials |
| EE | Refresh token | /new_ee_refresh_token |
The audit trail page provides a log of credential changes and system events. This is covered at the end of this guide.
Step-by-Step Guide
Step 1: Update Lavu API Credentials
Lavu is a hospitality POS system that uses static API credentials rather than OAuth. When a customer connects their Lavu account to Transpeye, you enter their API key and secret directly. These credentials must be updated whenever the customer regenerates their Lavu API credentials, which may occur on a scheduled rotation or following a security incident.
- Navigate to /update_lavu_credentials.
- Enter the new API Key in the designated field.
- Enter the new API Secret in the designated field.
- Select “Save” or “Update Credentials” to store the values.
Transpeye immediately validates the new credentials against the Lavu API. A success message confirms the update. If validation fails, the previous credentials remain active and you will need to re-enter the correct values.
Obtain Lavu credentials directly from the customer’s Lavu administrator account under their API settings section. Lavu credentials are case-sensitive and must be copied exactly.
Step 2: Manage Vend OAuth Tokens
Vend uses OAuth 2.0 for authentication. The Vend OAuth integration generates an access token and a refresh token when the customer first authorises the connection. Transpeye uses the refresh token to request new access tokens automatically as they expire.
In most cases, the Vend token renews itself without manual intervention. However, if the customer revokes Transpeye’s access in their Vend account settings, or if the refresh token expires due to a prolonged period of inactivity, you will need to update the token manually.
- Navigate to /update_vend_credentials.
- The page shows the current token status for the account’s Vend integration.
- If a re-authorisation is required, select the option to re-initiate the OAuth flow. This redirects you through the Vend authorisation process. See the POS System Integration guide for the full OAuth connection steps.
- If the page allows direct token entry (for cases where you have received a new token from Vend support), enter the token in the provided field and select “Save”.
After updating, verify that Vend transaction data resumes flowing into the customer’s account within 15–30 minutes.
Step 3: Manage the EE Refresh Token
The EE integration uses a refresh token to maintain a persistent authenticated session. This token is long-lived but must be periodically renewed or replaced if it expires or is revoked.
- Navigate to /new_ee_refresh_token.
- Follow the on-screen instructions to generate or enter a new refresh token for the EE integration.
- Select “Save” to store the token.
The specifics of how to obtain a new EE refresh token depend on the EE platform’s authentication flow. Contact Transpeye support if you are unsure how to obtain a valid token for a specific customer account.
Step 4: Review the Audit Trail
The audit trail page provides a chronological log of significant system events and configuration changes, including credential updates. Use this page to:
- Confirm when credentials were last updated and by whom
- Investigate whether a configuration change preceded a reported data gap or integration failure
- Demonstrate to customers or auditors that access credentials are managed in a controlled and traceable manner
Navigate to the audit trail page from the administration navigation menu.
The audit log entries include:
- Timestamp — the date and time of the event in the account’s configured timezone
- User — the account that performed the action
- Action — a description of what was changed or accessed (for example, “Lavu credentials updated”, “User created”, “Camera record modified”)
- Detail — where applicable, additional context such as the affected record name or identifier
The audit trail is read-only. Entries cannot be edited or deleted.
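An added example (not part of Transpeye or of this guide's original text): a small Python script that applies the investigation use described above, listing credential-related audit entries in the hours before a reported data gap. It assumes the entries have been copied into CSV with the four fields listed above; the CSV layout, timestamp format, sample rows, keyword list and function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows using the four fields the guide lists.
# The CSV layout and timestamp format are assumptions, not a Transpeye export.
SAMPLE_AUDIT_CSV = """Timestamp,User,Action,Detail
2024-03-04 09:12:00,alice@example.com,User created,bob@example.com
2024-03-05 16:40:00,carol@example.com,Lavu credentials updated,Customer A
2024-03-05 17:05:00,alice@example.com,Camera record modified,Front door
2024-03-09 11:00:00,carol@example.com,Vend credentials updated,Customer B
"""

# Assumed wording: credential events mention one of these in the Action text.
CREDENTIAL_KEYWORDS = ("credentials", "token")


def is_credential_event(row):
    return any(k in row["Action"].lower() for k in CREDENTIAL_KEYWORDS)


def parse_audit(csv_text):
    """Return audit rows as dicts, oldest first, with a datetime under 'when'."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["when"] = datetime.strptime(row["Timestamp"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["when"])


def changes_before_gap(rows, gap_start, lookback_hours=24):
    """Credential entries in the window leading up to a data gap.

    gap_start must be in the same timezone as the audit timestamps
    (the account's configured timezone).
    """
    window_start = gap_start - timedelta(hours=lookback_hours)
    return [r for r in rows
            if window_start <= r["when"] <= gap_start and is_credential_event(r)]


def last_credential_update(rows, integration):
    """Most recent credential entry whose Action starts with the integration name."""
    hits = [r for r in rows if is_credential_event(r)
            and r["Action"].lower().startswith(integration.lower())]
    return hits[-1] if hits else None


if __name__ == "__main__":
    entries = parse_audit(SAMPLE_AUDIT_CSV)
    gap = datetime(2024, 3, 5, 18, 0)  # constructed: when transactions stopped
    for e in changes_before_gap(entries, gap):
        print(e["Timestamp"], e["User"], e["Action"], e["Detail"])
```

An empty result from `changes_before_gap` points the investigation away from a credential change and toward the source system, such as an expired token or revoked access.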
Best Practices for Credential Security
Credentials stored in Transpeye grant access to third-party systems that may contain sensitive financial and operational data. Follow these practices to maintain a secure credential management posture.
Never store credentials outside the platform. API keys and OAuth tokens must not be stored in spreadsheets, email drafts, messaging apps, or any other location outside of Transpeye’s secure credential store. If you receive credentials from a customer, enter them into the platform immediately and do not retain a personal copy.
Use secure channels when receiving credentials from customers. When a customer needs to provide an API key or secret to you, request it through a secure channel such as an encrypted messaging system or a secure file share. Do not ask customers to email credentials in plain text.
Act immediately on reported credential compromise. If a customer reports that their POS system credentials may have been exposed — for example, due to a staff member sharing access or a suspected breach — update the credentials in Transpeye immediately and coordinate with the customer to rotate the credentials at the source system as well.
Perform periodic credential reviews. At least quarterly, review the integration status for each customer account to confirm that all credential-dependent integrations are active and functioning. A silent credential failure (where the token has expired but no obvious error is surfaced) can result in extended data gaps that are difficult to recover.
Limit credential management access. Credential update pages are restricted to Super Admin users. Do not elevate users to Super Admin solely to allow credential updates. If a customer needs to update their own credentials and does not have Super Admin access, perform the update on their behalf.
- Coordinate Lavu credential rotations with the customer. When a customer rotates their Lavu API credentials, they need to notify you promptly so you can update the values in Transpeye. Establish a process with each Lavu customer for how they will communicate credential changes.
- Test integrations after every credential update. After saving new credentials, check the relevant data feed (transactions, alerts, or events) within 30 minutes to confirm data is flowing correctly. Do not assume a successful save message means the integration is fully working end-to-end.
- Use the audit trail as a first step in integration investigations. Before escalating an integration failure to Transpeye support, review the audit trail to determine when the integration was last working and whether any credential or configuration changes occurred around the time the problem started.
- Document credential update history externally. Although the audit trail captures events, it may not always be accessible during an outage. Maintain an internal record (in your account management system, not in a plain text file) of the date credentials were last updated for each customer account.
Troubleshooting
Lavu credentials were accepted but transaction data has stopped flowing.
The credentials may have been entered correctly, but the Lavu account may have additional restrictions — for example, limited API access by IP address, or a restriction on the specific outlet the credentials can access. Contact the customer’s Lavu administrator to verify the API access scope.
The Vend integration shows as connected but no new transactions are appearing.
This often indicates a silently expired token. Navigate to /update_vend_credentials and check the token status. If the token has expired, re-initiate the OAuth authorisation flow. After re-authorisation, transactions should resume within 15–30 minutes.
I updated credentials but the audit trail does not show the change.
There may be a short delay before the audit trail updates. Refresh the page and check again after a few minutes. If the entry still does not appear, confirm whether the save operation completed successfully — if the credential update page returned an error, the change may not have been committed.
The EE refresh token page is returning an error.
EE token errors may indicate that the token provided has already been used or has expired at the source. Contact Transpeye support with the error message displayed, as this may require coordination with the EE platform team to issue a new valid token.
I cannot access the credential management pages.
All credential management pages are restricted to Super Admin users (ROLE_SUPERADMIN). If you cannot access /update_lavu_credentials, /update_vend_credentials, or /new_ee_refresh_token, verify your user role with your Transpeye administrator.