post https://uat-accounts.payu.in/oauth/oauth/token
The Validate Auth Code and Client API is used for validating auth code and client.
Environment
| Test | https://uat-accounts.payu.in |
| Production | https://accounts.payu.in |
Notes:
- The grant type for the grant_type parameter for this API is authorization_code.
- For the client credentials, refer to Download Client Credentials.
Sample request
curl --location --request POST 'https://test-accounts.payu.in/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=68a276132f82c056a6ed9b5e00e45523c260544b87dd3cc91840d591bd93' \
--data-urlencode 'client_secret=93f29bd09aca64f304ee8380232310f7caa0bc2dcd838f15903dc85b0110b' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=23e563c95e3c433e38072fef0c8d18b21d8598c51eb498814e7c9cadd60edc09' \
--data-urlencode 'redirect_uri=http://www.abcdefghi/success'
Sample response
Success response
- Status - 200
{
"access_token": "e6ff7e34b704be2b14c8ae3c0e776597df4ae7de9e12d3e4c79781fcbbf2c4bb",
"token_type": "Bearer",
"expires_in": 7199,
"refresh_token": "356fe080daa69438e0c2d3b0a80b3fe4aa3f78b264e6092e95e4429ae59486a7",
"scope": "credentials_using_oauth create_payment_links read_payment_links update_payment_links delete_payment_links",
"created_at": 1709198191,
"user_uuid": "11ed-933c-d307ba06-b71a-0a64ecf8a4cc"
}
Failure response
The following response is displayed for the following failure scenarios:
| Error Code | Reason | Result |
|---|---|---|
| 401 | Without client secret | { "error": "invalid_client", "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method." } |
| 401 | Without redirect URL | { "error": "invalid_request", "error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed." } |
| 401 | With an invalid client secret | { "error": "invalid_client", "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method." } |
| 401 | Without grant type | { "error": "invalid_request", "error_description": "The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed." } |
| 401 | With an invalid grant type | { "error": "invalid_client", "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method." } |
| 401 | Without authorization code | { "error": "invalid_grant", "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." } |
| 401 | With an invalid auth code | { "error": "invalid_grant", "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." } |
| 401 | With an invalid client secret | { "error": "invalid_client", "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method." } |
| 401 | With an invalid redirect URL | { "error": "invalid_grant", "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." } |
Response parameters
| Parameters | Description |
|---|---|
| access_token | Indicates the Security Token used to get access in Partner/Payouts API calls. |
| token_type | Type of authorization token |
| expire_in | Indicates the TTL i.e., the time limit (in seconds) after which the Security Token will expire |
| refresh_token | Used to refresh the access_token. To know more, read Refresh Token section |
| scope | Represents the allowed scopes in generated security token. For e.g., the generated token can be used only for Payouts API requests |
| created_at | Indicates the Time of Creation in milliseconds |
| user_uuid | Indicates the Unique Identifier for the user. |