If you’re integrating PhonePe’s payment gateway into your application, you must ensure that communication between your server and PhonePe’s backend is secure. To achieve this, you must first generate an Auth Token, which is used to authorize all coming API requests. This article will walk you through the process of generating an authentication token with PHP.
What is an authorization token in PhonePe?
An auth token is a security signature that authorizes requests from your backend to PhonePe. It is generated based on your client_id, client_version, client_secret, and grant_type.
Also Read: Integrating Razorpay Payment Gateway in PHP
How to get client_id, client_version, client_secret, and grant_type?
To get this details:
Note: If you don’t get this details then contact to support team to generate this for you.
Generate and Fetch Authorization Token using API
Host Details:
Environment:
UAT: https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token
PROD: https://api.phonepe.com/apis/identity-manager/v1/oauth/token
Endpoint
/v1/oauth/token – Endpoint is common for UAT and Production.
We will use above UAT api url and test credentials to generate Auth Token. Please follow the below code snippets:
Content-Type: application/x-www-form-urlencoded (Request Headers)
|
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
<?php $client_id="Your_Client_ID"; $client_version=1; $client_secret="Your_Client_SECRET"; $grant_type="client_credentials"; $curl = curl_init(); curl_setopt_array($curl, array( CURLOPT_URL => 'https://api-preprod.phonepe.com/apis/pg-sandbox/v1/oauth/token', CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => '', CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => 'POST', CURLOPT_POSTFIELDS => 'client_id='.$client_id.'&client_version='.$client_version.'&client_secret='.$client_secret.'&grant_type='.$grant_type, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded' ), )); $response = curl_exec($curl); curl_close($curl); $getToken=json_decode($response, true) ; print_r($getToken); ?> |
Get a professionally designed and developed website tailored to your needs.
As an experienced website developer based in Delhi NCR, I offer customized solutions to build responsive, SEO-friendly, and user-friendly websites. Whether it’s for a personal blog, business site, or e-commerce store, I ensure your online presence stands out.
Response Body
access_token– The token required for making API requests to PhonePeexpires_at– The validity of the Generated TOKEN (in seconds)
Token Reusability & Expiry
PhonePe gives you a token that works for a limited time. You can check when it expires using the ‘expires_at’ field. After it expires, you need to get a new one using the same API.
Do you want to get implementation help, or modify or extend the functionality of this script? Submit a paid service request
Conclusion
Creating and managing an authorization token is an important part of your PhonePe integration. Always keep the token securely stored, reused efficiently, and refreshed before it expires. This not only secures your integration, but also ensures that your users have a smooth payment experience.
When you understand the signing process, you can easily generate the PhonePe authentication token in PHP. By securing your API calls with this token, you ensure a reliable and safe integration with PhonePe’s backend.
Related Article:
Pradeep Maurya is the Professional Web Developer & Designer and the Founder of “Tutorials website”. He lives in Delhi and loves to be a self-dependent person. As an owner, he is trying his best to improve this platform day by day. His passion, dedication and quick decision making ability to stand apart from others. He’s an avid blogger and writes on the publications like Dzone, e27.co
