Authentication

POST 
/oauth2/token

Use this address to generate the authorization token that must be sent in the header of other requests. You must use the CLIENT_ID and CLIENT_SECRET defined in the credential provided by PicPay. Each authorization token generated will be valid for 5 (five) minutes, requiring a new token to be requested. This flow must be included in your application.

For more details, see our page about the authentication process.

Request

application/json

Body

required

grant_type stringrequired

Possible values: [client_credentials]

Defines the oauth flow of the token request.

In the case of the PicPay Acquiring API it is always client_credentials.

client_id stringrequired

Possible values: Value must match regular expression ^[\w\-]+$

client_secret stringrequired

Possible values: Value must match regular expression ^[\w]+$

Responses

200

Successful response in the authentication and token update flow token.

application/json

Schema

Schema

access_token stringrequired

Possible values: Value must match regular expression ^([\w=]+)\.([\w=]+)\.([\w\-\+\/=]*)

expires_in int32required
refresh_expires_in int32
token_type stringrequired

Possible values: Value must match regular expression ^[\w]+$

not-before-policy int32
scope stringrequired

Possible values: Value must match regular expression ^[\w\.\- ]+$

A string with all the scopes of the credential separated by an empty space.

acquirer-terminal-id string

Possible values: Value must match regular expression ^[\d]+$

seller-acquirer-id string

Possible values: Value must match regular expression ^[\d]+$

authorization_details

TokenResponseAuthorizationDetail[]

Array [

type string

Possible values: Value must match regular expression ^[\w]+$

account_id string

Possible values: Value must match regular expression ^[\w\-]+$

fingerprint string

Possible values: Value must match regular expression ^[\w\-]+$

display_name string

Possible values: Value must match regular expression ^[\w\- ]+$

]

Example (from schema)

{
  "access_token": "string",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 1640873903,
  "scope": "ecommerce.acquirer.transactional credential.client_secret.rotate",
  "acquirer-terminal-id": "00057831",
  "seller-acquirer-id": "0000000005968341",
  "authorization_details": [
    {
      "type": "authorized_account",
      "account_id": "28a1586b-c810-48df-99ba-f1d304ba00f9",
      "fingerprint": "28a1586b-c810-48df-99ba-f1d304ba00f9",
      "display_name": "PicPay Wallet"
    }
  ]
}

401

The 400 Bad Request errors are caused by some fault during authentication. The following errors can be displayed:

• invalid_client: Client authentication failure. For example, when the client includes client_id and client_secret in the authorization header, but there is no such client with that client_id and client_secret.

• unauthorized_client: The client does not have permission for granting code or for update tokens.

• unsupported_grant_type: Returned if grant_type is different from authorization_code or refresh_token.

application/json

Schema

Schema

error stringrequired

Possible values: Value must match regular expression ^[\w]+$

error_description stringrequired

Possible values: Value must match regular expression ^[\w\.\-= ]+$

Example (from schema)

{
  "error": "unauthorized_client",
  "error_description": "Invalid client or Invalid client credentials"
}

Loading...