The purpose of following the OAuth2 flow is to help you retrieve an access token using your application's private client credentials. Complete details of the specification are available in RFC 6749 section 4.4.
Send the following parameters www-form-encoded in the request body to the token endpoint:
| Environment | Token Endpoint |
|---|---|
| Production | https://auth.dailypay.com/oauth2/token |
| UAT | https://auth.uat.dailypay.com/oauth2/token |
grant_typestringrequired
The OAuth2 grant type
Value "client_credentials"
scopestringrequired
A space-separated list of scopes to request
Example: "client:lookup health:read"
client_idstringrequired
The client id of the application requesting the token.
Example: "your_client_id"
client_secretstringrequired
The client secret of the application requesting the token.
Example: "your_client_secret"
- Production environmenthttps://auth.dailypay.com/oauth2/token
- Development environmenthttps://auth.uat.dailypay.com/oauth2/token
- JavaScript
- Go
- C#
- Java
- Python
- Ruby
- cURL
const formData = {
grant_type: 'client_credentials',
scope: 'client:lookup health:read',
client_id: 'your_client_id',
client_secret: 'your_client_secret'
};
const resp = await fetch(
`https://auth.dailypay.com/oauth2/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams(formData).toString()
}
);
const data = await resp.text();
console.log(data);The resulting access token can be used to make requests to the DailyPay REST API:
Response
application/json
{ "access_token": "dpo_38347Ae178B4a16C7e42F292c6912E7710c8", "refresh_token": "dpo_38347Ae178B4a16C7e42F292c6912E7710c9", "token_type": "bearer", "scope": "user:read_write", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.4FjJ3eZJYJj7J9Jf", "expires_in": 3600 }
The authorization code, access token, and refresh tokens can vary in size but will typically remain under 4096 bytes.