# Getting an Access Token
As a first step in getting an access token, you will need to obtain the {SELF_SIGNED_JWT}, which is signed with your app's private key. The payload for the JWT should contain the following parameters:
```json
{
  "exp": 1585694203,
  "iat": 1585691303,
  "iss": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
  "sub": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
  "aud": "https://services.poynt.net",
  "jti": "f3d223e7-0783-4889-822a-b1df827352c6"
}
```
# Claims explained:
- exp: Expiry time for the self-generated JWT
- iat: Time the JWT is issued/created
- iss: Issuer of the JWT (your appId)
- sub: Subject of the JWT (your appId)
- aud: Audience the JWT is intended for ("https://services.poynt.net", or "https://services-eu.poynt.net" for EU)
- jti: Unique identifier for the JWT
TIP
The payload shown in the JSON snippet must be signed with your application's private key using one of the supported algorithms, such as RS256, RS384, PS256, PS384 or PS512.
# Access Token Request
Use the self-signed JWT to request the Access Token. To do this, make an HTTP POST request from your server to https://services.poynt.net/token and include the following headers and arguments:
Headers:
- Accept: application/json
- api-version: 1.2
- Content-Type: application/x-www-form-urlencoded
Body:
- grantType: urn:ietf:params:oauth:grant-type:jwt-bearer
- assertion: {SELF_SIGNED_JWT}
Curl Request Example
```bash
curl -XPOST 'https://services.poynt.net/token' \
  -H "Accept: application/json" \
  -H "api-version: 1.2" \
  -d "grantType=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={SELF_SIGNED_JWT}"
```
# Example response:
```json
{
  "expiresIn": 86400,
  "accessToken": "eyJhbGciOiJSUzI1NiJ9.eyJwb3ludC51aWQiOjE1MjYzNzgsInN1YiI6InVy...",
  "refreshToken": "1:1:1:2:emjXrINpTMI7aLvMZfdPHEH/OTtSZlI+BqfmBi+iJ0aRS40BJrYWvqU04I...",
  "scope": "ALL",
  "tokenType": "BEARER"
}
```
The accessToken is an encoded JWT (https://jwt.io) containing the following claims:
```json
{
  "aud": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
  "sub": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
  "poynt.aur": "co.poynt.posapp",
  "poynt.sct": "J",
  "poynt.org": "69f1712e-e8f1-4c44-9ec8-6f15a5beecb1",
  "iss": "https://services.poynt.net",
  "poynt.kid": 13316956343565198000,
  "poynt.aty": "S",
  "exp": 1585717703,
  "iat": 1585591303,
  "jti": "68c64659-dcba-44f7-8515-33117294411e"
}
```
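The two steps above (sign the JWT, then build the token request body), as an added Node.js example that is not part of the original Poynt documentation. The function names, the 300-second lifetime, the JOSE header and the all-zero appId are assumptions for illustration; the key pair is generated on the fly so the block runs offline and makes no network request.

```javascript
// Added example (not Poynt's code): self-signed JWT + /token form body.
const nodeCrypto = require("crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// Build and sign the JWT with the claims listed above. ttlSeconds is an assumed default.
function buildSelfSignedJwt(appId, privateKeyPem, opts = {}) {
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  const payload = {
    exp: now + (opts.ttlSeconds ?? 300),
    iat: now,
    iss: `urn:aid:${appId}`,
    sub: `urn:aid:${appId}`,
    aud: opts.audience ?? "https://services.poynt.net",
    jti: nodeCrypto.randomUUID(), // unique per JWT
  };
  const header = { alg: "RS256", typ: "JWT" }; // standard JOSE header (assumed)
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = nodeCrypto.sign("sha256", Buffer.from(input), privateKeyPem); // RS256
  return `${input}.${sig.toString("base64url")}`;
}

// Local self-check: returns the claims if the signature verifies, else null.
function verifyJwt(jwt, publicKeyPem) {
  const [h, p, s] = jwt.split(".");
  const sig = Buffer.from(s ?? "", "base64url");
  const ok = nodeCrypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKeyPem, sig);
  return ok ? JSON.parse(Buffer.from(p, "base64url").toString("utf8")) : null;
}

// Form-encoded body for POST https://services.poynt.net/token
function tokenRequestBody(jwt) {
  return new URLSearchParams({
    grantType: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion: jwt,
  }).toString();
}

// Demo with a throwaway key pair and a constructed appId (neither is a real credential).
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const jwt = buildSelfSignedJwt("00000000-0000-0000-0000-000000000000", privateKey);
  return { jwt, publicKey, claims: verifyJwt(jwt, publicKey), body: tokenRequestBody(jwt) };
}
console.log(demo().body.slice(0, 80) + "...");
```

In a real deployment the private key is loaded from a secret store on the server rather than generated in process, and a short lifetime with a fresh jti per request limits the value of a leaked assertion.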
# Merchant Access Token
The following steps explain how to get the access token for the merchant after OAuth.
NOTE
These steps should be followed only for the specific cases that require a Merchant Access Token.
It's important to highlight that you must generate the Self-signed JWT as described in the first steps of this page.
From your server, make an HTTP POST request to https://services.poynt.net/token and include the following headers and arguments:
Headers:
- Content-Type: application/x-www-form-urlencoded
- api-version: 1.2
- Authorization: Bearer {self-signed-jwt}
Body:
- grant_type=authorization_code
- redirect_uri={redirect_uri}
- client_id={appId}
- code={code}
Curl Request Example
```bash
curl -XPOST 'https://services.poynt.net/token' \
  -H "Accept: application/json" \
  -H "Authorization: Bearer {self-signed-jwt}" \
  -d 'grant_type=authorization_code&code={CODE}&client_id={APP_ID}&redirect_uri={OAUTH_CALLBACK_URL}'
```
# Example response:
```json
{
  "expiresIn": 86400,
  "accessToken": "eyJhbGciOiJSUzI1NiJ9.eyJwb3ludC51aWQiOjE1MjYzNzgsInN1YiI6InVy...",
  "refreshToken": "1:1:1:2:emjXrINpTMI7aLvMZfdPHEH/OTtSZlI+BqfmBi+iJ0aRS40BJrYWvqU04I...",
  "scope": "ALL",
  "tokenType": "BEARER"
}
```
The access token includes the following claims:
```json
{
  "poynt.uid": 1526378,
  "sub": "{YOUR_APP_ID}",
  "aud": "{YOUR_APP_ID}",
  "poynt.aur": "{APP_PACKAGE_NAME}",
  "poynt.sct": "J",
  "poynt.biz": "{MERCHANT_BUSINESS_ID}",
  "poynt.org": "69f1712e-e8f1-4c44-9ec8-6f15a5beecb1",
  "iss": "https://services.poynt.net",
  "poynt.kid": 6957716317166682000,
  "exp": 1463519061,
  "iat": 1463432661,
  "jti": "c374c9f8-87bd-4705-b3d0-e6d078fd17af"
}
```
# Refresh Token
As you may have noticed, the access and merchant tokens are valid for 24 hours, after which they expire. For this reason, we have designed a Refresh Token that allows you to regenerate your Access and Merchant Tokens.
Headers:
- Content-Type: application/x-www-form-urlencoded
- api-version: 1.2
Body:
- grantType: REFRESH_TOKEN
- refreshToken: {refresh_token}
TIP
The {refresh_token} is the refreshToken value from the response shown in the Access Token section.
Curl Request Example
```bash
curl -XPOST 'https://services.poynt.net/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Poynt-Request-Id: {{guid}}' \
  -H 'api-version: 1.2' \
  -d 'grantType=REFRESH_TOKEN' \
  -d 'refreshToken={refresh_token}'
```
Sample Response
```json
{
  "expiresIn": 86400,
  "accessToken": "{access_token}",
  "refreshToken": "{refresh_token}",
  "scope": "ALL",
  "tokenType": "BEARER"
}
```