Fetch Auth Token API
The merchant backend should call this API to get an auth token, which is then used to authorize subsequent API calls between the merchant and PhonePe backends.
- The generated token can be used to make multiple API calls until it expires.
- The merchant can save the token and rely on the “expires_at” field for its expiry; the token should be refreshed within that time by calling the same API.
Host Details
Environment | Value |
---|---|
UAT | https://api-preprod.phonepe.com/apis/pg-sandbox |
PROD | https://api.phonepe.com/apis/identity-manager |
Endpoint
/v1/oauth/token – Endpoint is common for UAT and Production.
Complete Host Details
Environment | Http Method | Value |
---|---|---|
UAT | POST | https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token |
PROD | POST | https://api.phonepe.com/apis/identity-manager/v1/oauth/token |
Request Details
Request Headers
Header Name | Header Value |
---|---|
Content-Type | application/x-www-form-urlencoded |
Request Parameters
Parameter Name | Description |
---|---|
client_id | Client ID shared by PhonePe |
client_version | For UAT, the client_version value should be 1. For PROD, use the value received in the credentials email. |
client_secret | Client secret shared by PhonePe |
grant_type | Value will be “client_credentials” |
Sample Request
curl --location 'https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_version=1' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'
NOTE: The above cURL command uses the UAT host URL and dummy data for client_id and client_secret. Replace them with the appropriate values.
Response Body
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
"encrypted_access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcmVzT24iOjE3MjA2MzUzMjE5OTYsIm1lcmNoYW50SWQiOiJWUlVBVCJ9.4YjYHI6Gy6gzOisD_628wfbaI46dMSc5T_0gZ2-SAJo",
"expires_in": null,
"issued_at": 1706073005,
"expires_at": 1706697605,
"session_expires_at": 1706697605,
"token_type": "O-Bearer"
}
Response Parameters
Parameter Name | Data Type | Description |
---|---|---|
access_token | String | Token generated at PhonePe. The generated token remains valid for a specific time, which can be checked by referring to the “expires_at” field. After expiry, the token must be refreshed using the same API. |
issued_at | DateTime | Token generated timestamp in epoch (in seconds) |
expires_at | DateTime | Token expiry timestamp in epoch (in seconds) |
token_type | String | Type will be “O-Bearer”. |
Note: Merchants should rely on the following response parameters.
- access_token – The TOKEN that has to be used in the API calls with PhonePe.
- expires_at – The validity of the TOKEN (in seconds)
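The caching rule described above (reuse the token until “expires_at”, then refresh through the same API), as an added Python example that is not PhonePe's own code. The names `build_token_request`, `http_fetch` and `TokenCache` and the 60-second refresh margin are assumptions of this example; the fetch function is injected so the cache can be exercised offline.

```python
import json
import time
import urllib.parse
import urllib.request

UAT_TOKEN_URL = "https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token"

def build_token_request(url, client_id, client_secret, client_version="1"):
    """Build the form-encoded POST described on this page (nothing is sent)."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS: the body carries client_secret")
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_version": client_version,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def http_fetch(request):
    """Send the request and decode the JSON response body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Caches access_token and refreshes it shortly before expires_at."""

    def __init__(self, fetch, clock=time.time, skew=60):
        # fetch: zero-argument callable returning the parsed token response.
        # skew: assumed safety margin in seconds, not a value from the page.
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0

    def get(self):
        # Refresh early so a request in flight never carries an expired token.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._fetch()
            token, expires_at = resp.get("access_token"), resp.get("expires_at")
            # expires_in is null in the sample response, so only expires_at is used.
            if not isinstance(token, str) or not token or not isinstance(expires_at, int):
                raise ValueError("token response missing access_token or expires_at")
            self._token, self._expires_at = token, expires_at
        return self._token
```

In a merchant backend, load client_id and client_secret from a secret store or environment variables rather than source code, and keep the request body and the returned token out of application logs.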