# Generate tokens Exchange the authorization code you received from the [Authorize endpoint](oauth-authorize) for an 'access token' API credential, with which you can communicate with the Mollie API on behalf of the consenting merchant. This endpoint can only be accessed using **OAuth client credentials**. > 🔑 Access with > > [OAuth access token](/reference/authentication) # OpenAPI definition ```json { "openapi": "3.1.0", "info": { "title": "Mollie Connect", "version": "1.0.0", "license": { "name": "Attribution-NonCommercial-ShareAlike 4.0 International", "identifier": "CC-BY-NC-SA-4.0" } }, "servers": [ { "url": "https://api.mollie.com" } ], "security": [ { "apiKey": [] }, { "organizationAccessToken": [] }, { "oAuth": [] } ], "paths": { "/oauth2/tokens": { "servers": [ { "url": "https://api.mollie.com/oauth2" } ], "post": { "security": [ { "oAuth": [] } ], "summary": "Generate tokens", "x-speakeasy-name-override": "generate", "tags": [ "OAuth API" ], "operationId": "oauth-generate-tokens", "description": "Exchange the authorization code you received from the [Authorize endpoint](oauth-authorize) for an 'access token' API credential, with which you can communicate with the Mollie API on behalf of the consenting merchant.\n\nThis endpoint can only be accessed using **OAuth client credentials**.\n\n> 🔑 Access with\n>\n> [OAuth access token](/reference/authentication)", "parameters": [ { "name": "Authorization", "description": "The OAuth client ID and client secret as [basic access credentials](https://en.wikipedia.org/wiki/Basic_access_authentication).\n\nPseudo code: `\"Basic \" + toBase64(client_id + \":\" + client_secret)`\n\nFor example: `Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==`", "in": "header", "schema": { "type": "string" }, "required": true }, { "name": "Content-Type", "description": "This header value must match the type of the request body you send, if there is a request body. For example, if you send the request body as JSON, this header must be set to `application/json`, and if you send it as form encoded you must set this header to `application/x-www-form-urlencoded`.", "in": "header", "schema": { "type": "string" }, "required": false } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "grant_type": { "type": "string", "description": "If you wish to exchange your authorization code for an app access token, use grant type `authorization_code`. If you wish to renew your app access token with your refresh token, use grant type `refresh_token`.\n\nPossible values: `authorization_code` `refresh_token`" }, "code": { "type": [ "string", "null" ], "description": "The authorization code you received when creating the authorization. Only use this field when using grant type `authorization_code`." }, "refresh_token": { "type": [ "string", "null" ], "description": "The refresh token you received when creating the authorization. Only use this field when using grant type `refresh_token`." }, "redirect_uri": { "type": [ "string", "null" ], "description": "The URL the merchant is sent back to once the request has been authorized. It must match the URL you set when registering your app.\n\nFor consecutive refresh token requests, this parameter is required only if the initial authorization code grant request also contained a `redirect_uri`." } }, "required": [ "grant_type" ] } } } }, "responses": { "200": { "description": "The newly generated access token and refresh token.", "content": { "text/html": { "schema": { "type": "object", "properties": { "access_token": { "type": "string", "description": "The app access token, with which you will be able to access the Mollie API on the merchant's behalf." }, "refresh_token": { "type": "string", "description": "The refresh token, with which you will be able to retrieve new app access tokens on this endpoint. The refresh token does not expire." }, "expires_in": { "type": "integer", "description": "The number of seconds left before the app access token expires. Be sure to renew your app access token before this reaches zero." }, "token_type": { "type": "string", "description": "As per OAuth standards, the provided app access token can only be used with `bearer` authentication.\n\nPossible values: `bearer`" }, "scope": { "type": "string", "description": "A space-separated list of [permissions](https://docs.mollie.com/docs/permissions)." } } }, "examples": { "oauth-generate-tokens": { "summary": "The newly generated access token and refresh token", "value": { "access_token": "access_46EUJ6x8jFJZZeAvhNH4JVey6qVpqR", "refresh_token": "refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP", "expires_in": 3600, "token_type": "bearer", "scope": "payments.read organizations.read" } } } } } } }, "x-readme": { "code-samples": [ { "language": "shell", "code": "# Create tokens request\ncurl -X POST https://api.mollie.com/oauth2/tokens \\\n -u app_j9Pakf56Ajta6Y65AkdTtAv:S5lTvMDTjl95HGnwYmsszDtbMp8QBE2lLcRJbD7I\n -d \"grant_type=authorization_code\" \\\n -d \"code=auth_IbyEKUrXmGW1J8hPg6Ciyo4aaU6OAu\"\n\n# Refresh tokens request\ncurl -X POST https://api.mollie.com/oauth2/tokens \\\n -u app_j9Pakf56Ajta6Y65AkdTtAv:S5lTvMDTjl95HGnwYmsszDtbMp8QBE2lLcRJbD7I\n -d \"grant_type=refresh_token\" \\\n -d \"refresh_token=refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP\"" }, { "language": "php", "install": "composer require mollie/oauth2-mollie-php", "code": "/*\nWe don't have a PHP code example for this\nAPI call yet.\n\nIf you have some time to spare, feel free to\nshare suggestions on our Discord:\nhttps://discord.gg/VaTVkXB4aQ\n*/" }, { "language": "node", "code": "/*\nWe don't have a Node.js code example for this\nAPI call yet.\n\nIf you have some time to spare, feel free to\nshare suggestions on our Discord:\nhttps://discord.gg/VaTVkXB4aQ\n*/", "install": "npm install @mollie/api-client" }, { "language": "python", "code": "'''\nWe don't have a Python code example for this\nAPI call yet.\n\nIf you have some time to spare, feel free to\nshare suggestions on our Discord:\nhttps://discord.gg/VaTVkXB4aQ\n'''", "install": "pip install mollie-api-python" }, { "language": "ruby", "code": "# We don't have a Ruby code example for this\n# API call yet.\n#\n# If you have some time to spare, feel free to\n# share suggestions on our Discord:\n# https://discord.gg/VaTVkXB4aQ", "install": "gem install mollie-api-ruby" } ] } } } }, "components": { "securitySchemes": { "apiKey": { "type": "http", "scheme": "bearer", "x-default": "live_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM" }, "organizationAccessToken": { "type": "http", "scheme": "bearer", "x-default": "access_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM" }, "oAuth": { "type": "oauth2", "flows": { "authorizationCode": { "authorizationUrl": "https://my.mollie.com/oauth2/authorize", "tokenUrl": "https://api.mollie.com/oauth2/tokens", "scopes": {} } } } } }, "x-readme": { "explorer-enabled": false, "samples-languages": [ "shell", "php", "node", "python", "ruby" ] } } ```