An authorization code is an intermediate token used in the server-side app flow. The authorization code grant is used when an application exchanges an authorization code for an access token. After the user returns to the application via the redirect URL, the application will get the authorization code from the URL and use it to request an access token. This request will be made to the token endpoint. The Authorization Code is always returned when using the Hybrid Flow.
- How do I get it? You receive the Authorization Code via a round trip to the MobilePay Authorization server.
- What do I use it for? You request a response using the Authorization Code at the Token Endpoint
- For how long is it valid? Code has a lifetime of 5 minutes and can only be used once.
Merchant only needs to give consent once, unless you loose the Authorization Code, the Authorization Code expires, or you loose the access token.Please ensure you do not use the Authorization code more than once, and that it is used within 5 minutes.
A Client makes a Token Request by presenting its Authorization Grant (in the form of an Authorization Code) to the Token Endpoint using the grant_type value authorization_code