POST OAuth Token API
Use Case
This API is used to get new JWT tokens by passing either an authorization code or a refresh token in the request. The two cases are selected with the following values of the grant_type parameter (sent as grantType in the request body):
- authorization_code - This grant type is used to get a new refresh token and SSO token (also known as access token) for a Paytm user
- refresh_token - This grant type is used to get a new SSO token for a Paytm user by passing the refresh token in the request
Header
ATTRIBUTE | DESCRIPTION |
---|---|
Authorization string | This is a base64 encoded string of “clientId:clientSecret” |
Request Attributes
Body
Attribute | Description |
---|---|
grantType string mandatory | Grant type for the API. Possible values: authorization_code, refresh_token |
code string conditional | The authorization code received from in Custom UI SDK. |
deviceId string mandatory | Unique Device Id of the user’s phone |
refreshToken string conditional | A JWT token that has longer validity and can be used to get a new access token for a Paytm user |
Response Attributes
API Content Type: JSON
Success Response
ATTRIBUTE | DESCRIPTION |
---|---|
scope string | Scope of the token received. Example: paytm, wallet |
accessToken string | Received SSO token of the user. Example: eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiZGlyIn0..xxxxxxxxxxx.9iHTtWbCZ0I6qbn2sUnyz5siw1fqbmtEnFMFE7nSIX-yrwCkiGfAC6QmPr9q-tw8LMPOh5-3UXRbpeVZEupQd3wNyaArWybRX2HAxJDRD8mxJ_wxzJM6GZ1ov4O3EIsx2Y_Zr0aHCd3VbnTjRUnlVdxXJPFG8QZs0b_2TVdoAX3_QjZS8_dwcmIWoH8ebDzOIs7MJacETfMtyFGAo8Xc0LjznToUWvTsTbIXQoF1yB0.1fZFAYJVsY61BTv2htLcXQ8800 |
refreshToken string | A JWT token that has longer validity and can be used to get a new access token for a Paytm user. Example: eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiZGlyIn0..xxxxxxxxxxx.9iHTtWbCZ0I6qbn2sUnyz5siw1fqbmtEnFMFE7nSIX-yrwCkiGfAC6QmPr9q-tw8LMPOh5-3UXRbpeVZEupQd3wNyaArWybRX2HAxJDRD8mxJ_wxzJM6GZ1ov4O3EIsx2Y_Zr0aHCd3VbnTjRUnlVdxXJPFG8QZs0b_2TVdoAX3_QjZS8_dwcmIWoH8ebDzOIs7MJacETfMtyFGAo8Xc0LjznToUWvTsTbIXQoF1yB0.1fZFAYJVsY61BTv2htLcXQ8800 |
tokenType string | Possible Values: BEARER |
expiresIn string | Expiry timer of the SSO token. Example: 1594011297000 |
Failure Response
ATTRIBUTE | DESCRIPTION |
---|---|
error string | This is the error corresponding to a particular error description and is returned to the merchant. The different error codes corresponding to this API are mentioned below. |
error_description string | This parameter is the error_description which contains information about the failure result. |
Note: If the Authorization header is incorrect, no response is returned and the request fails with HTTP status code "401".
Response Codes & Messages
ResponseCode | Status | Message |
---|---|---|
BE1422001 | FAILURE | scope is not refreshable |
BE1422002 | FAILURE | invalid refresh token |
BE1423001 | FAILURE | Depending upon the use case the result message could be one from the following list: |
BE1423003 | FAILURE | The grant type is not given to the client |
BE1423004 | FAILURE | Authorization is invalid |
NA | FAILURE | Client permission not found |
Device Id Nomenclature
```bash
curl -X POST 'https://accounts-uat.paytm.com/oauth2/v3/token/sv1/' \
--header 'Authorization: Basic {BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET}' \
--header 'Content-Type: application/json' \
--data '{
    "grantType": "authorization_code",
    "code": "999e3877-97c1-XXXX-b19d-6c8787983300",
    "deviceId": "Device123"
}'
```
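
The request and response handling documented above, as an added Python example that is not Paytm's own code: it builds the Basic header and the body for either grant type, enforces the conditional code/refreshToken rule, and maps responses onto the documented success, failure and 401 cases. The function names, the `TokenError` class and the sample values are assumptions constructed for illustration; no network call is made.

```python
import base64
import json


class TokenError(Exception):
    """Raised for any documented failure shape (hypothetical helper class)."""


def build_token_request(client_id, client_secret, device_id, *, code=None, refresh_token=None):
    """Return (headers, json_body) for exactly one of the two documented grant types."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    if not device_id:
        raise ValueError("deviceId is mandatory for both grant types")
    body = {"deviceId": device_id}
    if code is not None:
        body.update(grantType="authorization_code", code=code)
    else:
        body.update(grantType="refresh_token", refreshToken=refresh_token)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}", "Content-Type": "application/json"}
    return headers, json.dumps(body)


def parse_token_response(status, text):
    """Map an HTTP status and body onto the documented success/failure attributes."""
    if status == 401:
        # Per the page's note: a bad Authorization header gives 401 and no body.
        raise TokenError("401: Authorization header rejected")
    data = json.loads(text)
    if "error" in data:
        raise TokenError(f"{data['error']}: {data.get('error_description', '')}")
    if "accessToken" not in data:  # assumption: every success carries accessToken
        raise TokenError("response has neither error nor accessToken")
    return data


def redact(token):
    """Shorten a token for log lines so SSO/refresh tokens are never logged whole."""
    return token[:6] + "..." if token else token


if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    headers, body = build_token_request("client-id", "client-secret", "Device123", code="sample-code")
    print(body)
    tokens = parse_token_response(200, '{"accessToken": "sample.sso.token", "tokenType": "BEARER"}')
    print("access token:", redact(tokens["accessToken"]))
```

Because the Authorization header carries the client secret, this code belongs on the merchant server, with only the authorization code and device ID coming from the app.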