Using access token
Endpoint
Sandbox URL:
POST https://sandbox.tropipay.me/api/v3/access/token
Live URL
https://www.tropipay.com/api/v3/access/token
Description
This endpoint is used to obtain an access token using the client credentials grant type. The access token is required to authenticate API requests.
Headers
| Key | Value | Description |
|---|---|---|
| Content-Type | application/json | Specifies the request body format. |
| User-Agent | YourAppName/Version | (Optional) Identifies the client making the request. |
Request Body
The request body must be sent as JSON and include the following parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be set to client_credentials. |
| client_id | string | Yes | The client ID provided by Tropipay. |
| client_secret | string | Yes | The client secret provided by Tropipay. |
Example Request (cURL)
curl --request POST \
--url https://tropipay-dev.herokuapp.com](https://sandbox.tropipay.me/api/v3/access/token \
--header 'Content-Type: application/json' \
--data '{
"grant_type": "client_credentials",
"client_id": "your_client_id",
"client_secret": "your_client_secret"
}'
Response
A successful request returns a JSON object containing the access token.
Example Response
{
"access_token": "your_access_token",
"refresh_token": "your_refresh_token",
"token_type": "Bearer",
"expires_in": 1741987517,
"scope": "ALLOW_EXTERNAL_CHARGE ALLOW_CREATE_BENEFICIARY ALLOW_UPDATE_BENEFICIARY ALLOW_PAYMENT_IN ALLOW_PAYMENT_OUT ALLOW_MARKET_PURCHASES ALLOW_GET_PROFILE_DATA ALLOW_GET_BALANCE ALLOW_GET_MOVEMENT_LIST ALLOW_GET_POS_MOVEMENT_BY_CREDENTIALS"
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| access_token | string | The token to use for API authentication. |
| refresh_token | string | A token used to obtain a new access token. |
| token_type | string | The type of token, typically Bearer. |
| expires_in | number | Token validity duration in seconds. |
| scope | string | The permissions granted to the token. |
Error Handling
If the request fails, the API returns an error response. Common error responses include:
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | invalid_request | Missing or invalid parameters. |
| 401 | invalid_client | Invalid client credentials. |
| 403 | forbidden | Unauthorized access. |
Example Error Response
{
"error": {
"type": "VALIDATION_ERROR",
"code": "VALIDATION_ERROR",
"message": "Credential not found",
"details": [],
"i18n": "Parámetros inválidos"
}
}
tip
- Ensure your
client_idandclient_secretare kept secure. - The
access_tokenmust be included in theAuthorizationheader of subsequent API requests. - Tokens typically expire after a set period (
expires_in), and a new token must be requested when expired.