Generate tokens

OAuth API
POSThttps://api.mollie.com/oauth2/tokens

Authentication: OAuth client credentials

Exchange the auth code received at the Authorize endpoint for an actual app access token, with which you can communicate with the Mollie API.

Parameters

grant_typestringrequired

If you wish to exchange your auth code for an app access token, use grant type authorization_code. If you wish to renew your app access token with your refresh token, use grant type refresh_token.

Possible values: authorization_code refresh_token

codestringoptional
The auth code you’ve received when creating the authorization. Only use this field when using grant type authorization_code.
refresh_tokenstringoptional
The refresh token you’ve received when creating the authorization. Only use this field when using grant type refresh_token.
redirect_uristringoptional

The URL the merchant is sent back to once the request has been authorized. It must match the URL you set when registering your app.

Note

When refreshing a token, this parameter is required if the initial authorization_code grant request contained a redirect_uri.

Response

200 application/json; charset=utf-8

access_tokenstring
The app access token, with which you will be able to access the Mollie API on the merchant’s behalf.
refresh_tokenstring
The refresh token, with which you will be able to retrieve new app access tokens on this endpoint. The refresh token does not expire.
expires_ininteger
The number of seconds left before the app access token expires. Be sure to renew your app access token before this reaches zero.
token_typestring

As per OAuth standards, the provided app access token can only be used with bearer authentication.

Possible values: bearer

scopestring
A space-separated list of permissions. Refer to Permissions for the full permission list.

Example

Initial request

1
2
curl -u app_j9Pakf56Ajta6Y65AkdTtAv:S5lTvMDTjl95HGnwYmsszDtbMp8QBE2lLcRJbD7I https://api.mollie.com/oauth2/tokens \
-d "grant_type=authorization_code&code=auth_IbyEKUrXmGW1J8hPg6Ciyo4aaU6OAu"

Initial response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "access_token": "access_46EUJ6x8jFJZZeAvhNH4JVey6qVpqR",
    "refresh_token": "refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": "payments.read organizations.read"
}

Now that we have a refresh token, we should renew the app access token before its expiry date as follows:

Refresh request

1
2
curl -u app_j9Pakf56Ajta6Y65AkdTtAv:S5lTvMDTjl95HGnwYmsszDtbMp8QBE2lLcRJbD7I https://api.mollie.com/oauth2/tokens \
-d "grant_type=refresh_token&refresh_token=refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP"

Refresh response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "access_token": "access_TRbHbeB3my8XywBAdT6HRkGAJMuh4",
    "refresh_token": "refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": "payments.read organizations.read"
}