This method explains how to authenticate a GoPay user via the Mini App by first retrieving an auth code from the frontend and then exchanging it for an access token through the backend.
Get Authorization Code:
This method retrieves an authorization code that can be used to authenticate the GoPay user. It also returns a promise that resolves with the auth code or rejects it in case of failure for some reason.
| Integration Needed | Details |
|---|---|
| Mini App Frontend | Available since: GoPay App Version 1.36.0 |
Warning
The authCode is valid for 5 minutes. Please re-call the APIs again if exceed the authCode validity period.
Sample frontend code:
<script src="https://gwk.gopayapi.com/sdk/stable/gp-container.min.js"></script>
window.gpContainer.call(
"GPMiniAppAuth",
"getAuthCode",
{},
function(response) {
console.log('success:', response);
},
function(error) {
console.log('error:', error);
}
);
Sample Response:
{
"success": true,
"data": {
authCode: "GBNURP5WyBIqXiGxKv2cO8Qj4CyS0qZrRK5O4e8ehdnHpowG6k5pkj2SsF7BqGIF"
},
"ret": "GP_SUCCESS"
}
{
"success": false,
"error_code": "",
"error_type": "JS_BRIDGE_ERROR",
"error_message": "",
"ret": "GP_EXCEPTION"
}
Get Authorization Token:
The Mini App backend can call this API to obtain an access token using the authCode received from the frontend.
- The authorization token is required for calling other APIs, such as the Reminder API.
- The token does not expire, but if lost, you can request a new one using the same flow (getAuthCode() → access token).
Store the auth_token securely, so it can be used for future API calls. Make sure it is encrypted and access is controlled via RBAC (Role-Based Access Control).
| Integration Needed | Details |
|---|---|
| Mini App Backend | Mini App backend will call to GoPay backend to fetch authorization token. |
| Path | /v1/mini-apps/authorizations/token |
|---|---|
| Host | https://public-mini-app-merchants.gopayapi.com |
| Http Method | POST |
Request Headers:
| Property | Data type | Required | Description |
|---|---|---|---|
| Debug-Id | string | No | This is an identifier that is used for debugging purposes |
| Request-Id | string | No | This is an identifier that is used for maintaining idempotency |
| Authorization | string | Yes | This is a Basic Auth header. Please use the shared credentials that you received from the team. (docs) Format: Basic |
Request Body:
| Property | Data type | Required | Description |
|---|---|---|---|
| auth_code | string | Yes | The code obtained using getAuthCode() interface |
Response:
| Property | Data type | Description |
|---|---|---|
| success | boolean | It will be true if API call is successful and false in case of failure |
| error | object | This object will be non null only in case of failures |
| error.description | string | The description of the error |
| data | object | The object containing the token and account details |
| data.auth_token | string | The auth token for the user |
| data.gopay_account_id | string | The GoPay account id of the user |
Sample Request:
{
"auth_code": "64RgLs7QHVP9CPMgfhbVRKxyjHNILxWUNrtC1uAmUbxukBk70iqTqpPbcn7INbgB"
}
Sample Response:
Success Response:
{
"success": true,
"data": {
"auth_token": "MjAyNDA5MTdhYjQ1Nzk1NC1lMWQ4LTQ0YzUtYjgzMy1iOGZkYjE1YjU1OTk6NDJmZjAwN2UtZDU1YS00YzQwLTkyMTktZmUwNThhMjUzYjgx",
"gopay_account_id": "01-0a0de883e1d846568db4c48ff12c5486-26"
}
}
Error Response: With appropriate HTTP status codes. Only 5xx would be retriable
{
"success": false,
"error": {
"description": "AuthCode Not Found"
}
}
Note
The authCode is valid for 5 minutes. Please re-call the APIs again if exceed the authCode validity period.