---
title: Oauth2
description: Authenticate using OAuth 2.0 to obtain access tokens for API requests.
---

OAuth 2.0, which stands for "Open Authorization," is a framework that enables a website or application to obtain access to resources managed by other web applications on a user's behalf. This protocol focuses on authorization and relies on access tokens. It is a data element that signifies the user's permission to access specific resources.

#### POST

```
https://kraken.airpay.co.in/airpay/pay/v4/api/oauth2
```

## Request Body

| Parameter | Type Value | Description | Value Like |
| --- | --- | --- | --- |
| client_id  required | String  <br>(1-20) | A unique identifier provided by the airpay, used as a credential for generating an access token. | `4b88dc` |
| client_secret  required | String  <br>(1-200) | A confidential key provided by the airpay team, used along with the Client ID to authenticate and generate an access token. | `51d68722cca2b4bb096262c326bd24bb` |
| merchant_id  required | Number  <br>(1-20) | airpay merchant identifier. | `456` |
| grant_type  required | String  <br>(1-50) | Specifies the authentication flow for obtaining an access token. | `client_credentials` |

## Success 200

| Parameter | Type Value | Description | Value Like |
| --- | --- | --- | --- |
| access_token  required | String | A temporary token used to authenticate API requests, obtained using valid client credentials. | `00f9a570f917aa8a5df6ae532b5b773f71a00a1a` |
| expires_in  required | String | The duration (in seconds) for which the access token remains valid before expiration. | `300` |
| scope  optional | String | Defines the level of access granted to the access token for specific API resources and actions. | `null` |

## PHP

```php

<?php
$merchant_id   = "<merchant_id>";
$client_secret = "<client_secret>";
$client_id     = "<client_id>";
$secretKey     = '<secretKey>';

$data = array();
$data['client_id']      = $client_id;
$data['client_secret']  = $client_secret;
$data['merchant_id']    = $merchant_id;
$data['grant_type']     = 'client_credentials';

$encdata	   = encrypt(json_encode($data), $secretKey);
$checksum   = checksum($data);

$payload    = ['merchant_id'=>$merchant_id,
               'encdata' => $encdata,
               'checksum' => $checksum
              ];

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://kraken.airpay.co.in/airpay/pay/v4/api/oauth2/',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => $payload
));

$result = curl_exec($curl);

curl_close($curl);
$response = json_decode($result)->response;
$access_token_data = decrypt($response,$secretKey);
```

### Success Response

```json
    HTTP/1.1 200 OK
{
	"status_code": "200",
	"response_code": "00",
	"status": "success",
	"message": "Success",
	"data": {
		"access_token": "00f9a570f917aa8a5df6ae532b5b773f71a00a1a",
		"expires_in": 300,
		"scope": null
	}
}
```

### Error Response

```json
    HTTP/1.1 200 OK
{
	"status_code": "400",
	"error_code": "903",
	"status": "fail",
	"message": "Invalid client id or secret",
}
```