Tokens

Connect API
POSThttps://api.mollie.com/oauth2/tokens

Authentication: OAuth client credentials

Exchange the auth code received at the Authorize endpoint for an actual access token, with which you can communicate with the Mollie API.

Parameters

grant_type
string
required

If you wish to exchange your auth code for an access token, use grant type authorization_code. If you wish to renew your access token with your refresh token, use grant type refresh_token.

Possible values: authorization_code refresh_token

code
string
optional
The auth code you’ve received when creating the authorization. Only use this field when using grant type authorization_code.
refresh_token
string
optional
The refresh token you’ve received when creating the authorization. Only use this field when using grant type refresh_token.
redirect_uri
string
required
The URL the merchant is sent back to once the request has been authorized. It must match the URL you set when registering your app.

Response

200 application/json; charset=utf-8

access_token
string
The access token, with which you will be able to access the Mollie API on the merchant’s behalf.
refresh_token
string
The refresh token, with which you will be able to retrieve new access tokens on this endpoint. Please note that the refresh token does not expire.
expires_in
integer
The number of seconds left before the access token expires. Be sure to renew your access token before this reaches zero.
token_type
string

As per OAuth standards, the provided access token can only be used with bearer authentication.

Possible values: bearer

scope
string
A space separated list of permissions. Please refer to Permissions for the full permission list.

Example

Initial request

1
2
curl -u client_id:client_secret https://api.mollie.com/oauth2/tokens \
    -d "grant_type=authorization_code&code=abc123"

Initial response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "access_token": "access_46EUJ6x8jFJZZeAvhNH4JVey6qVpqR",
    "refresh_token": "refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": "payments.read organizations.read"
}

Now that we have a refresh token, we should renew the access token before its expiry date as follows:

Refresh request

1
2
curl -u client_id:client_secret https://api.mollie.com/oauth2/tokens \
    -d "grant_type=refresh_token&refresh_token=refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP"

Refresh response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "access_token": "access_TRbHbeB3my8XywBAdT6HRkGAJMuh4",
    "refresh_token": "refresh_FS4xc3Mgci2xQ5s5DzaLXh3HhaTZOP",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": "payments.read organizations.read"
}