Search
Fetch Auth Token API
Merchant backend should call this API to get an auth token, which will be used to authorize the subsequent API calls between the backends of Merchant & PhonePe. Token can be used to make multiple api calls until it expires. Merchant can save the token and rely on the “expires_at” field for the expiry of the token, after which the token can be refreshed using the same API.
API DETAILS
POST https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token
Request Details
Request Headers
| Header Name | Header Value |
|---|---|
Content-Type | application/x-www-form-urlencoded |
Request Parameters
| Parameter Name | Description |
|---|---|
client_id | Client ID shared by PhonePe |
client_version | In case of simulator, client_version value should be 1. In case of production, use the value as received in credentials email. |
client_secret | Client secret shared by PhonePe |
grant_type | client_credentials |
Send the above Headers and payload to the below API using HTTP POST method .
POST – https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token
Request Body
{
"client_id": "<your_client_id>",
"client_version": 1,
"client_secret": "<your_client_secret>",
"grant_type": "client_credentials"
}NOTE : Above CURL has only the dummy data, please refer to the request headers and parameters table above to generate the payload and headers.
Response Body
{
"access_token": "eyJ…zKw",
"encrypted_access_token": "eyJ…zKw",
"expires_in": null,
"issued_at": 1706073005,
"expires_at": 1706697605,
"session_expires_at": 1706697605,
"token_type": "O-Bearer"
}Response Parameters
| Parameter Name | Data Type | Description |
|---|---|---|
access_token | String | Token generated at PhonePe, Generated token will remain valid for a specific time and this can be checked by referring to the “expires_at” field. After expiry, the token must be refreshed using the same API. |
issued_at | DateTime | Token generated timestamp in epoch. |
session_expires_at | DateTime | Token expiry timestamp in epoch. |
token_type | String | Type will be “O-Bearer”. |
Note: Merchants should rely on the following response parameters.
access_token– The TOKEN that has be used in the API calls with PhonePe.- expires_at – The validity of the TOKEN