Authentication
POST/oauth2/token
Use this address to generate the authorization token that must be sent in the header of other requests. You must use the CLIENT_ID
and CLIENT_SECRET
defined in the credential provided by PicPay.
Each authorization token generated will be valid for 5 (five) minutes, requiring a new token to be requested. This flow must be included in your application.
For more details, see our page about the authentication process.
Request​
- application/json
Body
required
Possible values: [client_credentials
]
Defines the oauth flow of the token request.
In the case of the PicPay Acquiring API it is always
client_credentials
.
Possible values: Value must match regular expression ^[\w\-]+$
Possible values: Value must match regular expression ^[\w]+$
Responses​
- 200
- 401
Successful response in the authentication and token update flow token.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Possible values: Value must match regular expression ^([\w=]+)\.([\w=]+)\.([\w\-\+\/=]*)
Possible values: Value must match regular expression ^[\w]+$
Possible values: Value must match regular expression ^[\w\.\- ]+$
A string with all the scopes of the credential separated by an empty space.
Possible values: Value must match regular expression ^[\d]+$
Possible values: Value must match regular expression ^[\d]+$
authorization_details
TokenResponseAuthorizationDetail[]
Possible values: Value must match regular expression ^[\w]+$
Possible values: Value must match regular expression ^[\w\-]+$
Possible values: Value must match regular expression ^[\w\-]+$
Possible values: Value must match regular expression ^[\w\- ]+$
{
"access_token": "string",
"expires_in": 300,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 1640873903,
"scope": "ecommerce.acquirer.transactional credential.client_secret.rotate",
"acquirer-terminal-id": "00057831",
"seller-acquirer-id": "0000000005968341",
"authorization_details": [
{
"type": "authorized_account",
"account_id": "28a1586b-c810-48df-99ba-f1d304ba00f9",
"fingerprint": "28a1586b-c810-48df-99ba-f1d304ba00f9",
"display_name": "PicPay Wallet"
}
]
}
The 400 Bad Request errors are caused by some fault during authentication. The following errors can be displayed:
-
invalid_client: Client authentication failure. For example, when the client includes client_id and client_secret in the authorization header, but there is no such client with that client_id and client_secret.
-
unauthorized_client: The client does not have permission for granting code or for update tokens.
-
unsupported_grant_type: Returned if grant_type is different from authorization_code or refresh_token.
- application/json
- Schema
- Example (from schema)
Schema
Possible values: Value must match regular expression ^[\w]+$
Possible values: Value must match regular expression ^[\w\.\-= ]+$
{
"error": "unauthorized_client",
"error_description": "Invalid client or Invalid client credentials"
}