API Reference
Start typing to search…

Validate Auth Code and Client

post https://uat-accounts.payu.in/oauth/oauth/token
Log in to see full request history

The Validate Auth Code and Client API is used for validating auth code and client.

Environment

Testhttps://uat-accounts.payu.in
Productionhttps://accounts.payu.in

πŸ“˜

Notes:

  • The grant type for the grant_type parameter for this API is authorization_code.
  • For the client credentials, refer to Download Client Credentials.
Sample request 
curl --location --request POST 'https://test-accounts.payu.in/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=68a276132f82c056a6ed9b5e00e45523c260544b87dd3cc91840d591bd93' \
--data-urlencode 'client_secret=93f29bd09aca64f304ee8380232310f7caa0bc2dcd838f15903dc85b0110b' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=23e563c95e3c433e38072fef0c8d18b21d8598c51eb498814e7c9cadd60edc09' \
--data-urlencode 'redirect_uri=http://www.abcdefghi/success'
Sample response

Success response

  • Status - 200
{
    "access_token": "e6ff7e34b704be2b14c8ae3c0e776597df4ae7de9e12d3e4c79781fcbbf2c4bb",
    "token_type": "Bearer",
    "expires_in": 7199,
    "refresh_token": "356fe080daa69438e0c2d3b0a80b3fe4aa3f78b264e6092e95e4429ae59486a7",
    "scope": "credentials_using_oauth create_payment_links read_payment_links update_payment_links delete_payment_links",
    "created_at": 1709198191,
    "user_uuid": "11ed-933c-d307ba06-b71a-0a64ecf8a4cc"
}

Failure response

The following response is displayed for the following failure scenarios:

Error CodeReasonResult
401Without client secret{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
401Without redirect URL{
"error": "invalid_request",
"error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."
}
401With an invalid client secret{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
401Without grant type{
"error": "invalid_request",
"error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."
}
401With an invalid grant type{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
401Without authorization code{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
401With an invalid auth code{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
401With an invalid client secret{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
401With an invalid redirect URL{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
Response parameters
ParametersDescription
access_tokenIndicates the Security Token used to get access in Partner/Payouts API calls.
token_typeType of authorization token
expire_inIndicates the TTL i.e., the time limit (in seconds) after which the Security Token will expire
refresh_tokenUsed to refresh the access_token. To know more, read Refresh Token section
scopeRepresents the allowed scopes in generated security token. For e.g., the generated token can be used only for Payouts API requests
created_atIndicates the Time of Creation in milliseconds
user_uuidIndicates the Unique Identifier for the user.

Request parameters

Form Data
string
required

The client identifier is specified in this parameter.

string
required

The client secret code is specified in this parameter.

string
required

Grant type is used by clients to obtain an access token outside of the context of a user. The grant type is specified in this parameter.

string
required

The client authorization code is specified in this parameter.

string
required

The redirect URL is specified in this parameter.

Headers
const
required
Response
200

Updated 12 months ago

Did this page help you?
Language
Click Try It! to start a request and see the response here!

Updated 12 months ago

Did this page help you?