The purpose of following the OAuth2 flow is to help you retrieve an access token using your application's private client credentials. Complete details of the specification are available in RFC 6749 section 4.4.
Send the following parameters www-form-encoded in the request body to the token endpoint:
| Environment | Token Endpoint |
|---|---|
| Production | https://auth.dailypay.com/oauth2/token |
| UAT | https://auth.uat.dailypay.com/oauth2/token |
The OAuth2 grant type
A space-separated list of scopes to request
The client id of the application requesting the token.
The client secret of the application requesting the token.
- Production environment
https://auth.dailypay.com/oauth2/token
- Development environment
https://auth.uat.dailypay.com/oauth2/token
- JavaScript
- Go
- C#
- Java
- Python
- Ruby
- cURL
const formData = {
grant_type: 'client_credentials',
scope: 'client:lookup health:read',
client_id: 'your_client_id',
client_secret: 'your_client_secret'
};
const resp = await fetch(
`https://auth.dailypay.com/oauth2/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams(formData).toString()
}
);
const data = await resp.text();
console.log(data);The resulting access token can be used to make requests to the DailyPay Public REST API:
{ "access_token": "dpo_38347Ae178B4a16C7e42F292c6912E7710c8", "refresh_token": "dpo_38347Ae178B4a16C7e42F292c6912E7710c9", "token_type": "bearer", "scope": "user:read_write", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.4FjJ3eZJYJj7J9Jf", "expires_in": 3600 }
The authorization code, access token, and refresh tokens can vary in size but will typically remain under 4096 bytes.