Mini App

Get Access Token

The response to the initial authentication request includes an authorization code (code), which your application can exchange for an access token. To receive token, send a HTTP POST request below detailed.

$client = new http\Client;
$request = new http\Client\Request;


$body = new http\Message\Body;
$body->append(new http\QueryString(array(
  'redirect_uri' => '',
  'client_id' => 'ClientID given by MobiFinance',
  'client_secret' => 'ClientSecret given by MobiFinance',
  'code' => 'The authorization code returned from the initial request',
  'grant_type' => 'authorization_code'))

  'Content-Type' => 'application/x-www-form-urlencoded'


$response = $client->getResponse();
echo $response->getBody();
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");

RequestBody body = RequestBody.create(mediaType, "redirect_uri={}&client_id={ClientID given by MobiFinance}&client_secret={ClientSecret given by MobiFinance}&code={The authorization code returned from the initial request}&grant_type={authorization_code}");
Request request = new Request.Builder()
  .method("POST", body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")

Response response = client.newCall(request).execute();
Method POST
Content-Type application/x-www-form-urlencoded
Parameters Type Required Description
redirect_uri URL Yes Registered your application URL (must match schema and domain)
client_id string Yes Client ID provided by Mobifinance
client_secret string Yes Client secret provided by Mobifinance
code string Yes The authorization code returned from the initial request. This code represents logged user in MonPay backend.
grant_type string Yes As defined in the OAuth 2.0 specification, this field must contain a value of authorization_code.
Parameters Type Description
access_token string The token that can be send to API. Next step APIs will be called using this token.
token_type string Token type. (Bearer)
refresh_token string A token that may be used to obtain a new access token, included by default for installed applications. Refresh tokens are valid until the user revokes access. However, for this patch access_token is permanent so we do not user refresh_token yet.
expires_in integer The remaining lifetime of the access token. However, for this patch access_token is permanent so we do not user refresh_token yet.
Response type
Code Message Description
400 invalid_request Bad request
401 unauthorized_client Invalid client_id or client_secret
403 invalid_grant Invalid code
415 unsupported_grant_type Unsupported type
505 server_error Internal server error