Validate Auth Code and Client API - Partner Integration

The Validate Auth Code and Client API is used for validating auth code and client.

Environment

📘

Notes:

The grant type for the grant_type parameter for this API is authorization_code.

Request parameters

Parameter Description Example

client_id
mandatory

string The client identifier is specified in this parameter. 

68a276132f82c056a6ed9b5
e00e45523c260544b87dd3cc91840d591bd93

client_secret
mandatory

string The client secret code is specified in this parameter.

93f29bd09aca64f304ee8380232310f7
caa0bc2dcd838f15903dc85b0110b

grant_type
mandatory

string Grant type is used by clients to obtain an access token outside of the context of a user. The grant type is specified in this parameter.

authorization_code

code
mandatory

string The client authorization code is specified in this parameter.

23e563c95e3c433e38072fef0c8d1
8b21d8598c51eb498814e7c9cadd60edc09

redirect_uri
mandatory

string The redirect URL is specified in this parameter.

https://www.abcdefghi/success

Sample request

curl --location 'https://uat-accounts.payu.in/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: USERTXNINFO=6513cd7fa47ae5.28444661' \
--data-urlencode 'client_id=6f7afb8ad5bc80bb51c7076449b67ee882430c8c06fda6f953d2a51f803c81a2' \
--data-urlencode 'client_secret=4fc4623fdb3e8218ee032d6ec40a7a186d546e57f65b3c7adb4704bcc530e041' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=a5a6b9694555ead09c8e024c0ddbe008590344d7e55d6d25af0f6881d7f3c67a' \
--data-urlencode 'redirect_uri=https://abc.in'

Response parameters

ParametersDescription
access_tokenIndicates the Security Token used to get access in Partner/Payouts API calls.
token_typeType of authorization token
expire_inIndicates the TTL i.e., the time limit (in seconds) after which the Security Token will expire
refresh_tokenUsed to refresh the access_token. To know more, read Refresh Token section
scopeRepresents the allowed scopes in generated security token. For e.g., the generated token can be used only for Payouts API requests
created_atIndicates the Time of Creation in milliseconds
user_uuidIndicates the Unique Identifier for the user.

Sample response

Success response

  • Status - 200
{
    "access_token": "e6ff7e34b704be2b14c8ae3c0e776597df4ae7de9e12d3e4c79781fcbbf2c4bb",
    "token_type": "Bearer",
    "expires_in": 7199,
    "refresh_token": "356fe080daa69438e0c2d3b0a80b3fe4aa3f78b264e6092e95e4429ae59486a7",
    "scope": "credentials_using_oauth create_payment_links read_payment_links update_payment_links delete_payment_links",
    "created_at": 1709198191,
    "user_uuid": "11ed-933c-d307ba06-b71a-0a64ecf8a4cc"
}

Failure response

The following response is displayed for the following failure scenarios:

Error Code

Reason

Result

401

Without client secret

{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}

401

Without redirect URL

{
"error": "invalid_request",
"error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."
}

401

With an invalid client secret

{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}

401

Without grant type

{
"error": "invalid_request",
"error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."
}

401

With an invalid grant type

{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}

401

Without authorization code

{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

401

With an invalid auth code

{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

401

With an invalid client secret

{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}

401

With an invalid redirect URL

{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

Ask AI Beta

Hi! I am an AI Assistant. Ask me about PayU and get help with your integration.
Responses are generated by AI, may contain some mistakes.

EXAMPLE QUESTIONS