Authentication

POST 
/oauth2/token

Use this address to generate the authorization token that must be sent in the header of other requests. It is necessary to use the CLIENT_ID and CLIENT_SECRET defined in the credential provided by PicPay. Each authorization token generated will be valid for 5 (five) minutes, requiring a new token request. This flow must be included in your application.

For more details, see our page about the authentication process.

Request

Responses

200

Success response in authentication and update flow token.

401

400 Bad Request errors are caused by some failure during authentication. The following errors may be displayed:

• invalid_client: Client authentication failed. For example, when the client includes client_id and client_secret in the authorization header, but there is no such client with that client_id and client_secret.
• unauthorized_client: The client does not have permission for code grant flow or refresh tokens.
• unsupported_grant_type: Returned if grant_type is different of authorization_code or refresh_token.