Get the access_token to authenticate in the other API operations

EnvironmentMethodEndpoint
Sandboxhttps://authsandbox.braspag.com.br/oauth2/token/
Productionhttps://auth.braspag.com.br/oauth2/token/

The authentication method presented on this page must be used for the Split de Pagamentos, Sellers Onboarding, Receivables Anticipation and Reconciliation APIs

Transactional requests (physical world, Gateway and E-commerce API) use other credentials or authentication methods.

See more details in Features List.

Split de Pagamentos uses the OAuth 2.0 protocol as security. First, you must obtain an access token, using your credentials:

  • MerchantId: identifier in Split;
  • ClientSecret: key used for authentication.

To get an access token:

  1. Concatenate the MerchantId and the ClientSecret: MerchantId:ClientSecret;
  2. Encode the result of the concatenation in Base64;
  3. Make a request to the authorization server using the generated alphanumeric code.

⚠️

The access_token is valid for 20 minutes, and a new token must be generated every time the validity expires.

You must send the access token returned by the authentication API (access_token) in every request to the Split de Pagamentos, Sellers Onboarding, Receivables Anticipation and Reconciliation APIs as an authorization key.

Language