Obtain an access token using OAuth 2.0 Client Credentials flow for API authentication
The Get Token API returns the authentication token generated using the client ID and client secret.
Environment
| Test | https://uat-accounts.payu.in |
|---|---|
| Production | https://accounts.payu.in |
Additional information for request parameters
| Parameters | Description |
|---|---|
| client\_id | For getting your client ID, refer to [Get Client ID and Secret from Dashboard](doc:get-client-id-and-secret-from-dashboard) |
| client\_secret | For getting your client secret, refer to [Get Client ID and Secret from Dashboard](doc:get-client-id-and-secret-from-dashboard) |
| scope |
The scope that must be used for payment links are: * **Create Link**: create\_payment\_links * **Change status and expiry**: update\_payment\_links * **Get a single payment link**: read\_payment\_links * **Get all payment links**: read\_payment\_links * **Share payment links**: read\_payment\_links **Note**: Merchant can pass up to three scopes simultaneously for an access token value. This is done by passing scopes separated by a space between them. For example: create\_payment\_links update\_payment\_links read\_payment\_links |
| grant\_type | This parameter contains a constant value used to get the access token. The grant\_type used across the partner integration is **client\_credentials**. |
Response parameters
| Parameter | Description |
|---|---|
| access_token | The access token to be used in Partner Integration APIs. |
| token_type | The token type of the access token. |
| expires_in | The expiry time in seconds of the access token. |
| scope | The scope of the access token. |
| created_at | The UNIX time stamp when the access token was created. |
Note:The expiry period of the token generated using this API is configurable by you (partner). The expiry period (in seconds) of the token is displayed in the expires_in parameter of the response. For example, in the following response, the value of the expires_in is 7200 seconds:
{ "access_token": "82c38b64e072f3d64da6e4e6efee9789ffe1250f0cd04c20753d6e6f25df9cc7", "token_type": "Bearer", "expires_in": 7200, "scope": "send_sign_in_otp", "created_at": 1595411399 }
Sample request
curl --location -g --request POST '{{hub_base_url}}/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={{client_id}}' \
--data-urlencode 'client_secret={{client_secret}}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=read_payment_links'Sample response
{
"access_token": "ea4ed864b4d2a04b90c1e987a5d25a5da1d43fa5f7d123be6814a1e973f196c4",
"token_type": "Bearer",
"expires_in": 7011,
"scope": "create_payment_links",
"created_at": 1763036368
}Failure scenarios
* Client authentication failed
{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}* Invalid Scope
{
"error": "invalid_scope",
"error_description": "The requested scope is invalid, unknown, or malformed."
}* Unauthorised client
{
"error": "unauthorized_client",
"error_description": "The authenticated client is not authorized to use this authorization grant type."
}* Rate limit exceeded
{
"error": "rate_limit_exceeded",
"error_description": "Too many requests. Please retry after some time.",
"retry_after": 60
}* Server error
{
"error": "server_error",
"error_description": "The authorization server encountered an unexpected condition that prevented it from fulfilling the request."
}