This documentation is deprecated
Please refer to the updated documentation https://docs.payadvantage.com.au/reference/authentications_post-1
Refresh Token
Once the user has authorised your app, you will need to exchange the code for a Refresh Token. As the Refresh Token typically has a long lifetime, you must keep it safe and store it using strong encryption.
Refresh Tokens are used to generate Access Tokens, which have a limited lifespan. If a malicious party is able to get the Refresh Token, they will be able to generate unlimited Access Tokens and access a Merchant’s data.
Request using JSON
URL: https://api.payadvantage.com.au/v3/token
Method: POST
Content-Type: application/json
{
  "code": "eyJhbGciOiJFUz...",
  "client_id": "800d8763d38c4661859ea5d603d989a2",
  "client_secret": "47dc71eacd7c49c6b68f4e829262fb09",
  "grant_type": "authorization_code",
  "redirect_uri": "https://example.com/oauth_callback"
}
PKCE Request using JSON
URL: https://api.payadvantage.com.au/token
Method: POST
Content-Type: application/json
{
  "code": "eyJhbGciOiJFUz...",
  "client_id": "800d8763d38c4661859ea5d603d989a2",
  "code_verifier": "h21pC6u26p4dmw1gH29KPQodOp3l23tvej0TQ0mg4MagVLZUEWRVynkb57NX6Fnw",
  "grant_type": "authorization_code",
  "redirect_uri": "https://example.com/oauth_callback"
}
Request using a form post
URL: https://api.payadvantage.com.au/v3/token
Method: POST
Content-Type: application/x-www-form-urlencoded
code=eyJhbGciOiJFUz...&client_id=800d8763d38c4661859ea5d603d989a2&client_secret=47dc71eacd7c49c6b68f4e829262fb09&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fexample.com%2Foauth_callback
PKCE Request using a form post
URL: https://api.payadvantage.com.au/v3/token
Method: POST
Content-Type: application/x-www-form-urlencoded
code=eyJhbGciOiJFUz...&client_id=800d8763d38c4661859ea5d603d989a2&code_verifier=h21pC6u26p4dmw1gH29KPQodOp3l23tvej0TQ0mg4MagVLZUEWRVynkb57NX6Fnw&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fexample.com%2Foauth_callback
Successful Response
Status: 200
Content-Type: application/json
{
  "access_token": "eyJhbGciOiJFUzI1NiIsI...",
  "expires_in": 1800,
  "token_type": "Bearer",
  "refresh_token": "BvisN7OihiQtZnvE8AxibAonmhw..."
}
Errors
Invalid Request
Status: 400
Content-Type: application/json
{
  "error": "invalid_grant",
  "error_description": "The \"code\" provided cannot be understood."
}
Not Authorised
Status: 401
Content-Type: application/json
{
  "error": "unauthorized_client",
  "error_description": "\"client_id\" not found or authorized for user."
}
Invalid Credentials
Status: 401
Content-Type: application/json
{
  "error": "invalid_client",
  "error_description": "Incorrect credentials."
}
Retrieving a new Access Token from a Refresh Token
When the access token has expired, you will need to refresh it.
Request
URL: https://api.payadvantage.com.au/v3/token
Method: POST
Content-Type: application/json
{
  "grant_type": "refresh_token",
  "refresh_token": "BvisN7OihiQtZnvE8AxibAonmhw..."
}
Successful Response
Status: 200
Content-Type: application/json
{
  "access_token": "eyJhbGciOiJFUzI1NiIsI...",
  "expires_in": 1800,
  "token_type": "Bearer"
}
Errors
Invalid Request
Status: 400
Content-Type: application/json
{
  "ErrorCode": "request_error",
  "Messages": [ "Invalid grant_type." ]
}
Forbidden
Status: 403
Content-Type: application/json
{
  "ErrorCode": "forbidden",
  "Messages": [ "Authorization code has expired." ]
}
Not Found
Status: 404
Content-Type: application/json
{
  "ErrorCode": "not_found",
  "Messages": [ "App User has been deactivated." ]
}
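The two flows above return errors in two different JSON shapes, and the form-post variants need redirect_uri percent-encoded. The following Python helper is an added example, not code from Pay Advantage: it builds the form body, normalises both error shapes into one exception, and keeps tokens out of log output. The names Tokens, TokenError, form_body and parse_token_response are hypothetical, and the sample bodies are constructed from the shapes shown on this page.

```python
import json
from urllib.parse import urlencode

class TokenError(Exception):
    """Token endpoint error, normalised from either error shape shown on this page."""
    def __init__(self, status, code, messages):
        super().__init__(f"{status} {code}: {'; '.join(messages)}")
        self.status, self.code, self.messages = status, code, messages

class Tokens:
    """Holds issued tokens; repr() is redacted so token values do not reach logs."""
    def __init__(self, access_token, expires_in, refresh_token=None):
        self.access_token, self.expires_in, self.refresh_token = access_token, expires_in, refresh_token
    def __repr__(self):
        return f"Tokens(expires_in={self.expires_in}, has_refresh_token={self.refresh_token is not None})"

def form_body(code, client_id, redirect_uri, client_secret=None, code_verifier=None):
    """Form-post body for the code exchange; urlencode percent-encodes redirect_uri."""
    if client_secret is None and code_verifier is None:
        raise ValueError("supply client_secret or, for PKCE, code_verifier")
    fields = {"code": code, "client_id": client_id,
              "grant_type": "authorization_code", "redirect_uri": redirect_uri}
    if code_verifier is not None:      # PKCE variant on this page carries no client_secret
        fields["code_verifier"] = code_verifier
    else:
        fields["client_secret"] = client_secret
    return urlencode(fields)

def parse_token_response(status, raw):
    """Return Tokens on 200, otherwise raise TokenError with a uniform code and messages."""
    data = json.loads(raw)
    if status == 200:
        if data.get("token_type") != "Bearer" or "access_token" not in data:
            raise TokenError(status, "malformed_response", ["missing access_token or token_type"])
        return Tokens(data["access_token"], int(data["expires_in"]), data.get("refresh_token"))
    if "error" in data:                # shape shown for the code-exchange errors
        raise TokenError(status, data["error"], [data.get("error_description", "")])
    # shape shown for the refresh errors: ErrorCode plus a Messages list
    raise TokenError(status, data.get("ErrorCode", "unknown"), list(data.get("Messages", [])))

# Constructed sample responses in the shapes documented above (token value is a placeholder).
SAMPLE_OK = '{"access_token": "eyJ-sample", "expires_in": 1800, "token_type": "Bearer"}'
SAMPLE_OAUTH_ERR = '{"error": "invalid_client", "error_description": "Incorrect credentials."}'
SAMPLE_API_ERR = '{"ErrorCode": "forbidden", "Messages": ["Authorization code has expired."]}'
```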