Response Mode (Response_mode) is an Authorization Request parameter that informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization_endpoint.

In the /authorize request you need to follow our docs here

Each value for response_mode delivers different behavior:

  • form_post sends the token response as a form post instead of a fragment encoded redirect . In this mode, Authorization Response parameters are encoded as HTML form values that are auto-submitted in the User Agent, and thus are transmitted via the HTTP POST method to the Client, with the result parameters being encoded in the body using the application/x-www-form-urlencoded format. The action attribute of the form MUST be the Client's Redirection URI. The method of the form attribute MUST be POST
  • fragment - Parameters are encoded in the URL fragment added to the redirect_uri when redirecting back to the client. For web applications, we recommend using response_mode=form_post, to ensure the most secure transfer of tokens to your application.


Several merchants and integrator have reported their OpenID processes not to redirect to the correct URL, and for these it has been identified that form_post mitigates this issue.

If you are able to exchange codes and tokens using fragment that is also ok. MobilePay supports both.