Authorization


The merchant backend should call this API to get an auth token, which is used to authorize subsequent API calls between the merchant and PhonePe backends. The token can be used for multiple API calls until it expires. The merchant can save the token and rely on the “expires_at” field for its expiry, after which the token can be refreshed using the same API.

API DETAILS

POST https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token


Request Headers

| Header Name | Header Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |

Request Parameters

| Parameter Name | Description |
|---|---|
| client_id | Client ID shared by PhonePe |
| client_version | In case of simulator, client_version value should be 1. In case of production, use the value as received in credentials email. |
| client_secret | Client secret shared by PhonePe |
| grant_type | client_credentials |

Send the above headers and payload to the API below using the HTTP POST method.

POST – https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token

Request Body

{
  "client_id": "<your_client_id>",
  "client_version": 1,
  "client_secret": "<your_client_secret>",
  "grant_type": "client_credentials"
}

NOTE: The above cURL request contains only dummy data; please refer to the request headers and parameters tables above to generate the payload and headers.

Response Body

{
  "access_token": "eyJ…zKw",
  "encrypted_access_token": "eyJ…zKw",
  "expires_in": null,
  "issued_at": 1706073005,
  "expires_at": 1706697605,
  "session_expires_at": 1706697605,
  "token_type": "O-Bearer"
}

Response Parameters

| Parameter Name | Data Type | Description |
|---|---|---|
| access_token | String | Token generated at PhonePe. The generated token remains valid for a specific time, which can be checked by referring to the “expires_at” field. After expiry, the token must be refreshed using the same API. |
| issued_at | DateTime | Token generated timestamp in epoch. |
| session_expires_at | DateTime | Token expiry timestamp in epoch. |
| token_type | String | Type will be “O-Bearer”. |

Note: Merchants should rely on the following response parameters.

  • access_token – The TOKEN that has to be used in the API calls with PhonePe.
  • expires_at – The validity of the TOKEN.
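
The save-and-refresh behaviour described above can be implemented as a small token cache. This is an added example, not PhonePe's own code: the names TokenCache and post_form and the 60-second refresh margin are assumptions, and expires_at is treated as epoch seconds, as in the sample response.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token"

def post_form(url, fields):
    """Default transport: send fields as application/x-www-form-urlencoded."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class TokenCache:
    """Caches access_token and refreshes it shortly before expires_at."""

    def __init__(self, client_id, client_secret, client_version=1,
                 post=post_form, clock=time.time, skew=60):
        self._fields = {"client_id": client_id, "client_version": client_version,
                        "client_secret": client_secret,
                        "grant_type": "client_credentials"}
        # skew (assumed 60 s) refreshes early so a token never expires mid-request
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return f"TokenCache(client_id={self._fields['client_id']!r})"

    def get(self):
        """Return a valid token, calling the token API only when needed."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            data = self._post(TOKEN_URL, self._fields)
            token, expires_at = data.get("access_token"), data.get("expires_at")
            # Fail closed: never cache a response missing the fields we rely on.
            if not isinstance(token, str) or not token or not isinstance(expires_at, int):
                raise ValueError("token response missing access_token/expires_at")
            self._token, self._expires_at = token, expires_at
        return self._token

if __name__ == "__main__":
    # Constructed response and clock so the demo runs offline.
    fake = lambda url, f: {"access_token": "sample-token", "expires_at": 1706697605}
    cache = TokenCache("<your_client_id>", "<your_client_secret>",
                       post=fake, clock=lambda: 1706073005)
    print(cache.get(), cache)
```

Load client_secret from a secrets manager or environment variable rather than source code, and keep the cached token in memory on the backend only.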