Access Token Application
Use this interface with the Authorization Consult Interface to obtain an access token, or use this interface independently to get a new access token via the refresh token when an existing access token expires.
Request parameters
grantType Enum REQUIRED
Indicates which parameter is to be used to obtain the access token. Possible values are:
- AUTHORIZATION_CODE: Authorization Code, which is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
- REFRESH_TOKEN: Refresh Token, which is used by authClient to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.
customerBelongsTo String REQUIRED
The e-wallet that the customer uses. Possible values are:
- TRUEMONEY
- ALIPAY_HK
- TNG
- ALIPAY_CN
- GCASH
- DANA
- KAKAOPAY
- BKASH
More information:
- Maximum length: 16 characters
authCode String
The authorization code, which is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
More information:
- Maximum length: 32 characters
refreshToken String
The refresh token, which is used by the auth client to exchange for a new access token when the access token expires. By using the refresh token, new access tokens can be obtained without further interaction with the user.
More information:
- Maximum length: 128 characters
Response parameters
result Result REQUIRED
The request result, which contains information related to the request result, such as status and error codes.
accessToken String
An access token that can be used to access the user resource scope
More information:
- Maximum length: 128 characters
accessTokenExpiryTime Datetime
Access token expiration time, which follows the ISO 8601 standard. After this time, authClient will not be able to use this token to deduct from user's account.
refreshToken String
The refresh token that is used by the auth client to exchange for a new access token when the access token expires. By using the refresh token, new access tokens can be obtained without further interaction with the user.
More information:
- Maximum length: 128 characters
refreshTokenExpiryTime Datetime
Refresh token expiration time, after which the auth client cannot use this token to retrieve a new access token. The value follows the ISO 8601 standard.
API Explorer
Sample CodesRun in Sandbox
Request
URL
Method
POST
Case
Get accessToken with authCode
Request Body
Response
Response Body
More information
This section gives additional information about certain parameters. See the following list for details:
- grantType
By specifying the value of grantType asREFRESH_TOKEN, the merchant can request an access token with the refresh token. The refresh token is obtained from the response of the previous accessToken Application call. - authCode:
The parameter is required when the value of grantType isAUTHORIZATION_CODE. The value of authCode is obtained from the reconstructed URL returned by PMP. By specifying the value of grantType asAUTHORIZATION_CODE, merchants can request an access token with authCode. - refreshToken:
The parameter is required when the value of grantType isREFRESH_TOKEN. - accessToken:
When authorization application is successful [result.resultStatus ==S], the auth client might use accessToken to acccess the corresponding user's resource scope. - accessTokenExpiryTime:
This parameter must be returned when authorization application is successful [result.resultStatus ==S], and the accessToken will be invalid after accessTokenExpiryTime. - refreshToken:
This parameter must be returned when authorization application is successful [result.resultStatus ==S], and the merchant can use the refreshToken to request for a new accessToken. - refreshTokenExpiryTime:
This parameter must be returned when authorization application is successful [result.resultStatus ==S], and the merchant will not be able to use the refreshToken to retrieve a new accessToken after refreshTokenExpiryTime.
Responses for different wallets
The responses for different wallets have slight differences in the extendInfo field.
Response for TNG
Response for DANA
Response for GCASH
Response for KAKAOPAY
Response for ALIPAY_HK
Response for TRUEMONEY
Result process logic
For different request results, different actions are to be performed. See the following list for details:
- If the value of result.resultStatus is
S, then the application is successful. Merchant can use the access token to access the corresponding user resource scope. - If the value of result.resultStatus is
ForU, retry the process.
Result/Error codes
| Code | Value | Message |
|---|---|---|
| SUCCESS | S | Success |
| INVALID_AUTHCODE | F | The authorization code is invalid. |
| INVALID_REFRESH_TOKEN | F | The refresh token is invalid. |
| EXPIRED_REFRESH_TOKEN | F | The refresh token is expired. |
| PARAM_ILLEGAL | F | Illegal parameters exist. For example, a non-numeric input, or an invalid date. |
| PROCESS_FAIL | F | A general business failure occurred. Do not retry. |
| KEY_NOT_FOUND | F | The key is not found. |
| ACCESS_DENIED | F | Access denied |
| REQUEST_TRAFFIC_EXCEED_LIMIT | U | The request traffic exceeds the limit. |
| API_INVALID | F | API is invalid or not active. |
| CLIENT_INVALID | F | The client is invalid. |
| SIGNATURE_INVALID | F | The signature is invalid. |
| METHOD_NOT_SUPPORTED | F | The server does not implement the requested HTTP method. |
| MEDIA_TYPE_NOT_ACCEPTABLE | F | The server does not implement the media type that is acceptable to the client. |
| UNKNOWN_EXCEPTION | U | An API calling is failed, which is caused by unknown reasons. |
| USER_NOT_EXIST | F | The user does not exist. |
| USER_STATUS_ABNORMAL | F | The user status is abnormal. |