SearchFetch Auth Token API
Merchant backend should call this API to get an auth token, which will be used to authorize the subsequent API calls between the Merchant & PhonePe backend.
- The generated token can be used to make multiple API calls until it expires.
- Merchant can save the token and rely on the “expires_at” field for the expiry of the token, within which the token should be refreshed by using the same API.
Host Details
| Environment | Value |
|---|---|
UAT | https://api-preprod.phonepe.com/apis/pg-sandbox |
PROD | https://api.phonepe.com/apis/identity-manager |
Endpoint
/v1/oauth/token – Endpoint is common for UAT and Production.
Complete Host Details
| Environment | Http Method | Value |
|---|---|---|
UAT | POST | https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token |
PROD | POST | https://api.phonepe.com/apis/identity-manager/v1/oauth/token |
Request Details
Request Headers
| Header Name | Header Value |
|---|---|
Content-Type | application/x-www-form-urlencoded |
Request Parameters
| Parameter Name | Description |
|---|---|
client_id | Client ID shared by PhonePe |
client_version | In case of UAT, client_version value should be 1. In case of PROD, use the value as received in credentials email. |
client_secret | Client secret shared by PhonePe |
grant_type | Value will be “client_credentials” |
Sample Request
curl --location 'https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_version=1' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'NOTE : Above CURL has the UAT Host URL and the dummy data for client_id and client_secret. Ensure to replace with the appropriate values.
Response Body
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
"encrypted_access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
"expires_in": null,
"issued_at": 1706073005,
"expires_at": 1706697605,
"session_expires_at": 1706697605,
"token_type": "O-Bearer"
}Response Parameters
| Parameter Name | Data Type | Description |
|---|---|---|
access_token | String | Token generated at PhonePe, Generated token will remain valid for a specific time and this can be checked by referring to the “expires_at” field. After expiry, the token must be refreshed using the same API. |
issued_at | DateTime | Token generated timestamp in epoch. (in seconds) |
expires_at | DateTime | Token expiry timestamp in epoch. (in seconds) |
token_type | String | Type will be “O-Bearer”. |
Note: Merchants should rely on the following response parameters.
access_token– The TOKEN that has to be used in the API calls with PhonePe.expires_at– The validity of the TOKEN (in seconds)