Generate Authorization Token
This API generates an authorization token, which is essential for securely authenticating all subsequent API requests. The token must be included in the request headers to ensure that each call is verified and processed by the server.
- The token can be used for many API calls until it expires.
- Save the token and check the “expires_at” field to know when it will expire. Make sure to refresh the token before it expires by calling the same API again.
Environment
| Environment | HTTP Method | API |
| Sandbox | POST | https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token |
| Production | POST | https://api.phonepe.com/apis/identity-manager/v1/oauth/token |
Request
Request Headers
| Header Name | Header Value |
| Content-Type | application/x-www-form-urlencoded |
Request Parameters
| Parameter Name | Parameter Value |
client_id | Client ID shared by PhonePe PG |
client_version | Client Version shared by PhonePe PG |
client_secret | Client secret shared by PhonePe PG |
grant_type | The value should be set to “client_credentials“ |
Sample Request
curl --location 'https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_version=1' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'Response
Sample Response
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
"encrypted_access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
"expires_in": null,
"issued_at": 1706073005,
"expires_at": 1706697605,
"session_expires_at": 1706697605,
"token_type": "O-Bearer"
}Response Parameters
| Parameter Name | Data Type | Description |
access_token | String | The token generated by PhonePe. This token is valid for a specific time, which can be determined using the expires_at field. Once expired, the token must be refreshed using the same API. |
issued_at | DateTime | The timestamp in epoch (in seconds) when the token was generated. |
expires_at | DateTime | Token expiry timestamp in epoch. |
token_type | String | The type of token, which will be “O-Bearer”. |
ℹ️ Access Token Guidelines!
- You should depend on the following key response parameters:
- access_token: This is the token that must be included in API calls with PhonePe for authentication.
- expires_at: This indicates the token’s validity (in seconds). You must ensure that the token is refreshed before it expires. If it expires, you will have to send the request again.
- The auth_token is required for all subsequent API calls. Use the above access token to initiate the payment process.
Run a Sample Token Request!
📘 Accessing Your Credentials
You can view your Client ID and Client Secret from the PhonePe Business Dashboard. Navigate to Developer Settings to find your API keys and use them to try out the sample code.
body params
What’s Next?
Once you’ve successfully obtained the authorization credentials, you’re all set to move to the next step Subscription Setup.
Head over to the Subscription Setup section to learn how to set a subscription using the credentials generated here.
