Generate Authorization Token
This API generates an Authorization Token required to authenticate all standard checkout API requests.
The token must be obtained before initiating any checkout-related operations such as creating a payment request, checking payment status, or processing refunds. It should be included in the Authorization header for all subsequent API calls.
Environment
| Environment | HTTP Method | API |
| UAT | POST | https://api-preprod.phonepe.com/apis/apphub/v1/oauth/token |
| Production | POST | https://api.phonepe.com/apis/identity-manager/v1/oauth/token |
Request
Request Header
| Header Name | Header Value |
| Content-Type | application/x-www-form-urlencoded |
Request Parameters
| Parameter Name | Parameter Value |
client_id | Client ID shared by PhonePe PG |
client_version | Client Version shared by PhonePe PG |
client_secret | Client secret shared by PhonePe PG |
grant_type | Set the value to “client_credentials“ |
Sample Request
curl --location 'https://api-preprod.phonepe.com/apis/apphub/v1/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_version=CLIENT_VERSION' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'Response
Sample Response
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBUFBIVUJfTkIzX0FQUEhVQl9OQjMiLCJpYXQiOjE3NjY1NTcyMDMsImlzcyI6Im9seW1wdXNJTSIsInJvbGUiOiJBUFBIVUJfTkIzVXNlciIsImtleV9pZCI6IkFQUEhVQl9OQjMiLCJyb2xlcyI6W10sInR5cGUiOiJkeW5hbWljIiwidmVyc2lvbiI6IjQuMCIsInVzZXJEZXRhaWxzIjp7InVzZXJJZCI6IkFQUEhVQl9OQjMiLCJ1c2VyVHlwZSI6IlNZU1RFTSIsIm5hbWUiOiJhcHBodWJfbmIzIiwib3JnYW5pc2F0aW9uSWQiOiJQSE9ORVBFIiwiYmVsb25nc1RvVGVhbUlkIjoiUEhPTkVQRV9PTkxJTkVfTUVSQ0hBTlRTIiwiY29tcG9uZW50SWQiOiJBUFBIVUIiLCJjb21wb25lbnRJbnN0YW5jZUlkIjoiQVBQSFVCX05CMyJ9LCJzaWQiOiJjZjFiZDJkMi0xZjEyLTRmZDctYjFkZC0zOTU4Yjc1MTBjMjUiLCJ2YWxpZGF0aW9uRGF0YSI6e30sImF1ZCI6IkFQUEhVQl9OQjMiLCJzZXNzaW9uRXhwaXJ5IjoxNzY2NTYwODAzLCJ1c2VyX2lkIjoiQVBQSFVCX05CM19BUFBIVUJfTkIzIiwibmFtZSI6IkFQUEhVQl9OQjMiLCJpZCI6IkFQUEhVQl9OQjNfQVBQSFVCX05CMyIsImNsaWVudF92ZXJzaW9uIjoxLCJleHAiOjE3NjY1NjA4MDN9.Pht-dRE_i_PPXpBUFSTqsDiYS9WNvUjGeDFXwbbWoM65-SmsimhlUxC8xbE6EVNeClDKGDe98eNBxXjncuISAGGNaIa8ZIIDgdyC_6Kcli9fPtIwvPfFqSrOwl8QB_bTCj9l1UU5TG1nLS2pqLkc9Z7aEFBkoLkFQIB_CmFcplMr-HK5-Iyt-Bf-4VfQvXKANjQetTABKkQ__nbugWVhg-gx5PBeTjX8pQNOUZQbfzac265nPUSkqr0bog_uJ_aLGVaEO1JcKN6coCsMsjsHqIboHJKarJj6Q3mEwjTysWp2NlaqvpIx8afnAh2JjNmAYhV6R6j2pLZCJC2qhfdyiw",
"expires_in": 0,
"issued_at": 1766557628,
"expires_at": 1766561228,
"session_expires_at": 0,
"token_type": "O-Bearer"
}Response Parameters
| Parameter Name | Data Type | Description |
access_token | String | The token generated by PhonePe. This token is valid for a specific time, which can be determined using the expires_at field. Once expired, the token must be refreshed using the same API. |
issued_at | DateTime | The timestamp in epoch (in seconds) when the token was generated |
expires_at | DateTime | Token expiry timestamp in epoch |
token_type | String | The type of token, which will be O-Bearer. |
ℹ️ Access Token Guidelines!
- You should depend on the following key response parameters:
- access_token: This is the token that must be included in API calls with PhonePe for authentication.
- expires_at: This indicates the token’s validity (in seconds). You must ensure that the token is refreshed before it expires. If it expires, you will have to send the request again.
- The auth_token is required for all subsequent API calls. Use the above access token to initiate the payment process.
- Note: Authorization Token to be used is “access_token” with the prefix “token_type” and a whitespace separating the both.
For exp, O-Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo
