POST https://api.mollie.com/oauth2/tokens
Exchange the authorization code you received from the Authorize endpoint for an 'access token' API credential, with which you can communicate with the Mollie API on behalf of the consenting merchant.
This endpoint can only be accessed using OAuth client credentials.
Headers
Authorization string (required)
Authorization string (required)The OAuth client ID and client secret as basic access credentials.
Pseudo code:
"Basic " + toBase64(client_id + ":" + client_secret)For example:
Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Body parameters
grant_type string (required)
grant_type string (required)If you wish to exchange your authorization code for an app access token, use grant type
authorization_code.If you wish to renew your app access token with your refresh token, use grant typerefresh_token.Possible values:
authorization_coderefresh_token
code string | null
code string | nullThe authorization code you received when creating the authorization. Only use this field when using grant type
authorization_code.
refresh_token string | null
refresh_token string | nullThe refresh token you received when creating the authorization. Only use this field when using grant type
refresh_token.
redirect_uri string | null
redirect_uri string | nullThe URL the merchant is sent back to once the request has been authorized. It must match the URL you set when registering your app.
For consecutive refresh token requests, this parameter is required only if the initial authorization code grant request also contained a
redirect_uri.
Response
200 OK
access_token string
access_token stringThe app access token, with which you will be able to access the Mollie API on the merchant's behalf.
refresh_token string
refresh_token stringThe refresh token, with which you will be able to retrieve new app access tokens on this endpoint. The refresh token does not expire.
expires_in integer
expires_in integerThe number of seconds left before the app access token expires. Be sure to renew your app access token before this reaches zero.
token_type string
token_type stringAs per OAuth standards, the provided app access token can only be used with
bearerauthentication.Possible values:
bearer
scope string
scope stringA space-separated list of permissions.
Example response
{
"access_token": "access_46EUJ6x8jFJZZeAvhNH4JVey6qVpqR",
"refresh_token": "refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP",
"expires_in": 3600,
"token_type": "bearer",
"scope": "payments.read organizations.read"
}
