Access Token Application
Use this interface with the Authorization Consult Interface to obtain an access token, or use this interface independently to get a new access token via the refresh token when an existing access token expires.
Request parameters
Collapse All
grantTypeEnumRequired
Indicates which parameter is to be used to obtain the access token. Possible values are:
- AUTHORIZATION_CODE: Authorization Code, which is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
- REFRESH_TOKEN: Refresh Token, which is used by authClient to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.
customerBelongsToString(16)Required
The e-wallet that the customer uses. Possible values are:
- TRUEMONEY
- ALIPAY_HK
- TNG
- ALIPAY_CN
- GCASH
- DANA
- KAKAOPAY
authCodeString(32)Optional
The authorization code, which is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
refreshTokenString(128)Optional
The refresh token, which is used by the auth client to exchange for a new access token when the access token expires. By using the refresh token, new access tokens can be obtained without further interaction with the user.
Response parameters
Collapse All
resultResultRequired
The request result, which contains information related to the request result, such as status and error codes.
resultCodeString(16)Required
Result code
resultStatusEnumRequired
Result status. Possible values are:
- S: Indicates that the result status is successful.
- F: Indicates that the result status is failed.
- U: Indicates that the result status is unknown.
resultMessageString(64)Optional
Result message
accessTokenString(128)Optional
An access token that can be used to access the user resource scope
accessTokenExpiryTimeDatetime Optional
Access token expiration time, which follows the ISO 8601 standard. After this time, authClient will not be able to use this token to deduct from user's account.
refreshTokenString(128)Optional
The refresh token that is used by the auth client to exchange for a new access token when the access token expires. By using the refresh token, new access tokens can be obtained without further interaction with the user.
refreshTokenExpiryTimeDatetimeOptional
Refresh token expiration time, after which the auth client cannot use this token to retrieve a new access token. The value follows the ISO 8601 standard.
More information
This section gives additional information about certain parameters. See the following list for details:
- grantType
By specifying the value of grantType asREFRESH_TOKEN, the merchant can request an access token with the refresh token. The refresh token is obtained from the response of the previous accessToken Application call. - authCode:
The parameter is required when the value of grantType isAUTHORIZATION_CODE. The value of authCode is obtained from the reconstructed URL returned by PMP. By specifying the value of grantType asAUTHORIZATION_CODE, merchants can request an access token with authCode. - refreshToken:
The parameter is required when the value of grantType isREFRESH_TOKEN. - accessToken:
When authorization application is successful [result.resultStatus ==S], the auth client might use accessToken to acccess the corresponding user's resource scope. - accessTokenExpiryTime:
This parameter must be returned when authorization application is successful [result.resultStatus ==S], and the accessToken will be invalid after accessTokenExpiryTime. - refreshToken:
This parameter must be returned when authorization application is successful [result.resultStatus ==S], and the merchant can use the refreshToken to request for a new accessToken. - refreshTokenExpiryTime:
This parameter must be returned when authorization application is successful [result.resultStatus ==S], and the merchant will not be able to use the refreshToken to retrieve a new accessToken after refreshTokenExpiryTime.
Responses for different wallets
The responses for different wallets have slight differences in the extendInfo field.
Result process logic
For different request results, different actions are to be performed. See the following list for details:
- If the value of result.resultStatus is
S, then the application is successful. Merchant can use the access token to access the corresponding user resource scope. - If the value of result.resultStatus is
ForU, retry the process.
Result/Error codes
| Code | Value | Message |
|---|---|---|
| SUCCESS | S | Success |
| INVALID_AUTHCODE | F | The authorization code is invalid. |
| INVALID_REFRESH_TOKEN | F | The refresh token is invalid. |
| EXPIRED_REFRESH_TOKEN | F | The refresh token is expired. |
| PARAM_ILLEGAL | F | Illegal parameters exist. For example, a non-numeric input, or an invalid date. |
| PROCESS_FAIL | F | A general business failure occurred. Do not retry. |
| KEY_NOT_FOUND | F | The key is not found. |
| ACCESS_DENIED | F | Access denied |
| REQUEST_TRAFFIC_EXCEED_LIMIT | U | The request traffic exceeds the limit. |
| API_INVALID | F | API is invalid or not active. |
| CLIENT_INVALID | F | The client is invalid. |
| SIGNATURE_INVALID | F | The signature is invalid. |
| METHOD_NOT_SUPPORTED | F | The server does not implement the requested HTTP method. |
| MEDIA_TYPE_NOT_ACCEPTABLE | F | The server does not implement the media type that is acceptable to the client. |
| UNKNOWN_EXCEPTION | U | An API calling is failed, which is caused by unknown reasons. |
| USER_NOT_EXIST | F | The user does not exist. |
| USER_STATUS_ABNORMAL | F | The user status is abnormal. |
Request/Response Code
Request
Method
POST
Endpoint
v1/authorizations/applyToken
Header
Accept: application/json
URL
Domain name
Request Body
Request parameters
Get accessToken with authCode
Get accessToken with refreshToken
Response Body
Body content