
Authentication

Securing API access with authentication

Overview

All requests to the PayOS API require authentication to ensure secure access. PayOS supports OAuth 2.0 as the primary method of authentication. This guide explains how to use OAuth 2.0 effectively.


OAuth 2.0 Authentication

OAuth 2.0 is an advanced method for managing access, especially for larger teams or third-party integrations. It allows users to grant access to specific parts of the system without sharing credentials.

Steps to Set Up OAuth Authentication:

  1. Create an OAuth client from the API Access section in the PayOS dashboard.
  2. Configure redirect URIs for the client.
  3. Use the following endpoints for authorization and token management.

Example OAuth Flow:

    # Step 1: Request token with merchantId and clientSecret
    curl --request POST 'https://api.payos.money/api/v1/oauth2/token' \
      --header 'Content-Type: application/json' \
      --data-raw '{
        "merchantId": "YOUR_MERCHANT_ID",
        "clientSecret": "YOUR_CLIENT_SECRET"
      }'

Token Handling:

  • Access Token: Used to authenticate API requests.
  • Refresh Token: Allows you to obtain a new access token without user interaction.

Example API Call Using OAuth:

    curl --request GET 'https://api.payos.money/api/v1/payment' \
      --header 'Authorization: Bearer YOUR_ACCESS_TOKEN'

Handling Authentication Failures

If authentication fails, the PayOS API returns a 401 Unauthorized response. Ensure that:

  • The access token is correctly included in the Authorization header.
  • Tokens are not expired or revoked.
  • OAuth clients have the necessary permissions.

Best Practices for Authentication

  • Monitor Usage: Keep track of token usage through the PayOS dashboard.
  • Secure Storage: Store tokens securely in environment variables or a secrets manager.
  • Revocation: Immediately revoke compromised tokens.
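
The two curl calls above, reworked as an added example (not PayOS's own code) so that the client secret and access token come from environment variables and reach curl on stdin rather than on the command line, with a 401 mapped to its own exit code. The variable names (PAYOS_MERCHANT_ID, PAYOS_CLIENT_SECRET, PAYOS_ACCESS_TOKEN) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not PayOS code. Credentials come from the environment
# (variable names are assumptions) and never appear on a command line.
PAYOS_API='https://api.payos.money/api/v1'

# Escape backslash and double quote for a JSON string (control characters
# are not handled; credentials are expected to be printable).
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Build the token request body; fail instead of sending empty credentials.
token_body() {
  if [ -z "${PAYOS_MERCHANT_ID:-}" ] || [ -z "${PAYOS_CLIENT_SECRET:-}" ]; then
    echo 'PAYOS_MERCHANT_ID and PAYOS_CLIENT_SECRET must be set' >&2
    return 1
  fi
  printf '{"merchantId":"%s","clientSecret":"%s"}' \
    "$(json_escape "$PAYOS_MERCHANT_ID")" "$(json_escape "$PAYOS_CLIENT_SECRET")"
}

# Request a token. The body is piped to curl (--data @-) by the shell's
# builtin printf, so the secret is not visible in `ps` output or history.
request_token() {
  body=$(token_body) || return 1
  printf '%s' "$body" | curl --silent --show-error --fail --request POST \
    "$PAYOS_API/oauth2/token" --header 'Content-Type: application/json' --data @-
}

# Emit a curl config line carrying the bearer token. Tokens with characters
# outside the RFC 6750 b64token set are rejected, which blocks header or
# config injection through a tampered variable.
auth_config() {
  case "${PAYOS_ACCESS_TOKEN:-}" in
    ''|*[!A-Za-z0-9._~+/=-]*) echo 'PAYOS_ACCESS_TOKEN missing or malformed' >&2; return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$PAYOS_ACCESS_TOKEN"
}

# Map an HTTP status to an exit code: 0 for 2xx, 2 for 401 (re-authenticate), 1 otherwise.
classify_status() { case "$1" in 2??) return 0 ;; 401) return 2 ;; *) return 1 ;; esac; }

# GET "$PAYOS_API/$1" with the token passed through `curl --config -` on stdin.
payos_get() {
  cfg=$(auth_config) || return 1
  status=$(printf '%s\n' "$cfg" | curl --silent --config - --output /dev/null \
    --write-out '%{http_code}' "$PAYOS_API/$1")
  classify_status "$status"
}
```

A caller can treat exit code 2 from `payos_get payment` as the signal to request a fresh token once and retry, and any other non-zero code as a hard failure.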