Authorization Code

note
This page is for plug-in developer only

Method : POST
URL : https://sb-oauth.revenuemonster.my/v1/token
Sandbox URL : https://sb-oauth.revenuemonster.my/v1/token

Process flow for Grant Type: auth_code
This is for the scenario where a partner wants to request permission to develop an application of a merchant.

For authorization code, only client_id is needed. You are required to use the following request parameters as Query String. Go to RM Merchant Portal to get your Client ID

Request Parameters#

ParameterTypeRequiredDescriptionExample
responseTypeStringYesOnly support authorization codecode
clientIdStringYesClient ID or AppID as obtained from RM Merchant Portal.3675930941412424316
redirectUriStringYesSpecify your desired redirect Uri after request successful. This Uri must be EXACTLY the same as the one entered in RM Merchant Portalhttps://www.google.com
scopeStringYesScope of authorization granted to user, to perform action(s) when calling other API endpoints. (Currently only support manage_payment, get_merchant_profile, get_user_profile, manage_store). Separated by comma(s) without space.manage_payment
stateStringNoOptional field for user reference, will be passed back in responseAnything

Example Request URL :

https://sb-oauth.revenuemonster.my/authorize?responseType=code&clientId=3675930941412424316&redirectUri= https://www.google.com&scope=manage_payment& state=123456

image


Response Parameters#

ParameterTypeDescriptionExample
codeStringRequired for subsequent request(s)Random string
stateStringOptional field for user referenceAnything

Example Response URL :

https://www.google.com/?code=iEWqJsA5KVEsWF11xTphDIx8vbUqomsiW2vT4KClOFaVqiGh517 dDCfgPlHlqZUeP5atf0SnwiMO8P2X06md8Muv4nEWRW9nro6a5ef0M1jD7k1EFOh9f PV7Jvoe7wIRoVY6JYCSzHuWItQ3Un9J137smxcdSkZ8GKs14vDmREtwFsn8a0SSKBvg fjXEJGrWnCZaCOpEhXPDNzIfo71n0p8p38d9mUyNqxYpQ8UzlPpfAKEr0fiGIF Tf6RakxUp&state=123456

note
  • From the redirected response URI, we can get authorization code from the query string, as follows:
    iEWqJsA5KVEsWF11xTphDIx8vbUqomsiW2vT4KClOFaVqiGh517dDCfgPlHlqZUeP5atf0SnwiMO8P2X06md8Muv4nEWRW9nro6a5ef0M1jD7k1EFOh9fPV7Jvoe7wIRoVY6JYCSzHuWItQ3Un9J137smxcdSkZ8GKs14vDmREtwFsn8a0SSKBvgfjXEJGrWnCZaCOpEhXPDNzIfo71n0p8p38d9mUyNqxYpQ8UzlPpfAKEr0fiGIFTf6RakxUp

  • Thereafter, user may use this code to generate an access token and proceed to call other endpoints.

  • This code is valid for ONE-TIME only. Once used (either successful or failed), you are required to request a new authorization code using the steps before.