POSTRefresh Token API

Use Case

This API is used to get a new SSO token for the Paytm user after its expiry. The refresh token received in the response of Validate OTP API is used to get a new SSO token.

Attribute	Description
Authorization string mandatory	This is a base64 encoded string of “clientId:clientSecret”

Attribute

Description

Authorization

string
mandatory

This is a base64 encoded string of “clientId:clientSecret”

Request Attributes

Content Type : JSON

Body

Attribute	Description
grantType string mandatory	Grant type for API Possible Values: refresh_token
deviceId string mandatory	Device Id used in Send OTP API
refreshToken string mandatory	Value of Refresh token received in response to Validate OTP API.

Response Attributes

API Content Type: JSON

Success Response

ATTRIBUTE	DESCRIPTION
scope string	Scope of the token received Example: paytm, wallet
accessToken string	Received SSO token of the user Example: eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiZGlyIn0..xxxxxxxxxxx.9iHTtWbCZ0I6qbn2sUnyz5siw1fqbmtEnFMFE7nSIX-yrwCkiGfAC6QmPr9q-tw8LMPOh5-3UXRbpeVZEupQd3wNyaArWybRX2HAxJDRD8mxJ_wxzJM6GZ1ov4O3EIsx2Y_Zr0aHCd3VbnTjRUnlVdxXJPFG8QZs0b_2TVdoAX3_QjZS8_dwcmIWoH8ebDzOIs7MJacETfMtyFGAo8Xc0LjznToUWvTsTbIXQoF1yB0.1fZFAYJVsY61BTv2htLcXQ8800
tokenType string	Possible Values: BEARER
expiresIn string	Expiry timer of the SSO token Example: 1594011297000

Failure Response

ATTRIBUTE	DESCRIPTION
error string	This is the error corresponding to a particular error description and is returned to the merchant. The different error codes corresponding to this API are mentioned below.
error_description string	This parameter is the error_description which contains information about the failure result.

ATTRIBUTE

DESCRIPTION

error

string

This is the error corresponding to a particular error description and is returned to the merchant.
The different error codes corresponding to this API are mentioned below.

error_description

string

This parameter is the error_description which contains information about the failure result.

Note: If Authorization header is incorrect then the response will not come and you will face HTTP Status code "401"

Response Codes & Messages

ResponseCode	Status	Message
403	FAILURE	scope is not refreshable
BE1422001	FAILURE	when some token is requested for refresh and is not refreshable.
BE1422001	FAILURE	scope is not refreshable
BE1422002	FAILURE	invalid refresh token
BE1423001	FAILURE	illegal parameters etc.
BE1423001	FAILURE	token format, not supported
BE1423001	FAILURE	authorization failed
BE1423003	FAILURE	The grant type is not given to the client
BE1423004	FAILURE	Authorization is invalid
BE1423005	FAILURE	invalid authorization code
BE1526000	FAILURE	internal server error
NA	FAILURE	Client permission not found

⇾

Staging

Production

https://accounts-uat.paytm.com/oauth2/v3/token/sv1 copy icon

REQUEST

RESPONSE

CURL

JAVA

NODE

PHP

PYTHON

DOTNET

curl -X POST 'https://accounts-uat.paytm.com/oauth2/v3/token/sv1/' \
--header 'Authorization: Basic {BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET}' \
--header 'Content-Type: application/json' \
--data '{
    "grantType": "refresh_token",
    "refreshToken": "eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiZGlyIn0..DjiFueBM9p2ydJdZ.gckBfCcxO8NYSpmBfC4l6OirDCSskDoJjol_RMLZjzMkwL1GpOG3VeHVmV9ZXhXql_xxxxxxxxxxxxxxxxx_MdPgtfCFxc-PFELV-8eSyNeTgT4FhTxmOR19LJve0W7NQmSZtJFRPTC8hl_xxxxxxxxxxx_LCzGDPjTYOAQRBrgbLN7yBWdYyopeiGprlze-1SwTqU3Lu97gdM_e8mpcwCPcnzuNVxctSQmIDQdiVCgGHvKP8sOXivfTo.6KZU_zLuQmXl2OJsTZgMuw3000",
    "deviceId": "Device123"
}'