Developer Docs
Payment Gateway
In-store Payments
Payment GatewayIn-store Payments
Search
Authorization
Menu

Generate Authorization Token

This API generates an Authorization Token required to authenticate all standard checkout API requests.

The token must be obtained before initiating any checkout-related operations such as creating a payment request, checking payment status, or processing refunds. It should be included in the Authorization header for all subsequent API calls.

Environment

EnvironmentHTTP MethodAPI
SandboxPOSThttps://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token
ProductionPOSThttps://api.phonepe.com/apis/identity-manager/v1/oauth/token

Request

Request Header
Header NameHeader Value
Content-Typeapplication/x-www-form-urlencoded
Request Parameters
Parameter NameParameter Value
client_idClient ID shared by PhonePe PG
client_versionClient Version shared by PhonePe PG
client_secretClient secret shared by PhonePe PG
grant_typeSet the value to “client_credentials
Sample Request
curl --location 'https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_version=CLIENT_VERSION' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'

Response

Sample Response
{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
    "encrypted_access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
    "expires_in": null,
    "issued_at": 1706073005,
    "expires_at": 1706697605,
    "session_expires_at": 1706697605,
    "token_type": "O-Bearer"
}
Response Parameters
Parameter NameData TypeDescription
access_tokenStringThe token generated by PhonePe. This token is valid for a specific time, which can be determined using the expires_at field. Once expired, the token must be refreshed using the same API.
issued_atDateTimeThe timestamp in epoch (in seconds) when the token was generated
expires_atDateTimeToken expiry timestamp in epoch
token_typeStringThe type of token, which will be O-Bearer.

ℹ️ Access Token Guidelines!

  • You should depend on the following key response parameters:
    • access_token: This is the token that must be included in API calls with PhonePe for authentication.
    • expires_at: This indicates the token’s validity (in seconds). You must ensure that the token is refreshed before it expires. If it expires, you will have to send the request again.
  • The auth_token is required for all subsequent API calls. Use the above access token to initiate the payment process.

Run a Sample Token Request!

📘 Accessing Your Credentials

You can view your Client ID and Client Secret from the PhonePe Business Dashboard. Navigate to Developer Settings to find your API keys and use them to try out the sample code.

body params

You can also test this API request directly in Postman for a quick and easy integration check.

What’s Next?

Once you have successfully obtained the authorization credentials, you are ready to proceed with creating a payment.

Head over to the Create Payment section to learn how to initiate a transaction using the credentials generated in this step.

Is this article helpful?
Tell us why?
Additional Comments
Integration StepsCreate Payment
Table of content
Environment RequestResponseRun a Sample Token Request!What’s Next?
Developer Docs
Knowledge Center?Answer to common Questions
Can’t find what you are looking for?Contact Support
linkedIntwitterfacebookinstagram
© 2025, All rights reserved