SearchFetch Auth Token API
Merchant backend should call this API to get an auth token, which will be used to authorize the subsequent API calls between the backends of Merchant & PhonePe. Token can be used to make multiple api calls until it expires. Merchant can save the token and rely on the “expires_at” field for the expiry of the token, after which the token can be refreshed using the same API.
API DETAILS
POST https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token
Request Details
Request Headers
| Header Name | Header Value |
|---|---|
Content-Type | application/x-www-form-urlencoded |
Request Parameters
| Parameter Name | Description |
|---|---|
client_id | Client ID shared by PhonePe |
client_version | In case of simulator, client_version value should be 1. In case of production, use the value as received in credentials email. |
client_secret | Client secret shared by PhonePe |
grant_type | client_credentials |
Send the above Headers and payload to the below API using HTTP POST method .
POST – https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token
Request Body
{
"client_id": "<your_client_id>",
"client_version": 1,
"client_secret": "<your_client_secret>",
"grant_type": "client_credentials"
}NOTE : Above CURL has only the dummy data, please refer to the request headers and parameters table above to generate the payload and headers.
Response Body
{
"access_token": "eyJ…zKw",
"encrypted_access_token": "eyJ…zKw",
"expires_in": null,
"issued_at": 1706073005,
"expires_at": 1706697605,
"session_expires_at": 1706697605,
"token_type": "O-Bearer"
}Response Parameters
| Parameter Name | Data Type | Description |
|---|---|---|
access_token | String | Token generated at PhonePe, Generated token will remain valid for a specific time and this can be checked by referring to the “expires_at” field. After expiry, the token must be refreshed using the same API. |
issued_at | DateTime | Token generated timestamp in epoch. |
session_expires_at | DateTime | Token expiry timestamp in epoch. |
token_type | String | Type will be “O-Bearer”. |
Note: Merchants should rely on the following response parameters.
access_token– The TOKEN that has be used in the API calls with PhonePe.- expires_at – The validity of the TOKEN