How do you generate the access token for Admin

This guide walks you through the OAuth authorization process used by the Arcadier API.

Authentication Process

The Admin can request an access token using only its client credentials when the Admin is requesting access to the protected Arcadier API resource. If the access token request is valid and authorized, the authorization server issues an access token.

Step 1 : Get Client ID and Secret


Upon subscribing to Arcadier’s Growth package or above, the Admin is issued a Client ID and Client Secret. Note that the Client Secret is highly sensitive and should be kept confidential.

In your Admin portal, go to Account Settings, then Account Info. Your Client ID and Secret will be displayed at the bottom of your account info. For assistance in getting your Client ID and Secret, contact the Arcadier Dev Support team.

Step 2 : Making request to server for access token

Using Postman, the client makes an HTTPS POST request to the token endpoint, adding the following parameters using the "application/json" format in the HTTPS request entity-body:

  • client_id REQUIRED. Example value: 'client123'

  • client_secret REQUIRED. Example value: 'secret123'

  • grant_type REQUIRED. Value: 'client_credentials'

  • scope REQUIRED. Value: 'admin'

A sample POST request looks like this:

  Method: POST


  Content-Type: application/raw

  Request body: client_id=...&client_secret=....&grant_type=client_credentials&scope=admin

  *scope = admin (for Admin), scope = basic (for Merchant and Consumer)

Successful Response

The authorization server issues an access token, and constructs the response by adding the following parameters to the entity-body of the HTTPS response with a 200 OK status code:

  • access_token REQUIRED. The access token issued by the server.


Error Response

The authorization server responds with a

  • 400 Bad Request if the REQUIRED fields in the request are invalid.

  • 401 Unauthorised if the credentials in the request are unauthorised.

  • 500 Internal Server Error if the authorization server is unavailable.

with the error in the JSON response.

Contact Arcadier Dev Support team for support.

Step 3 : Making Authenticated Requests


Now that the Admin has obtained an API access token, it can make authenticated requests to the restricted Marketplace API.

These requests are accompanied with a header Authorization: Bearer {access_token} where {access_token} is replaced with the token issued previously.

In the HTTP header,

  Authorization: Bearer {access_token}

Step 4 : Renewing Access Token

The access token is renewed every 3 hours, so you should never hard-code the access token when developing. Call this API again each time your previous access token expires.
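Steps 2 to 4 can be combined into a small token cache. The following Python sketch is an added example, not Arcadier's own code: it builds the request body shown in Step 2, keeps the token in memory for just under 3 hours, and returns the header from Step 3. TOKEN_URL is a placeholder (the endpoint URL is not given on this page), and the `post` transport hook, the 60-second safety margin and the ARCADIER_CLIENT_ID / ARCADIER_CLIENT_SECRET environment variable names are assumptions.

```python
import os
import time
from urllib.parse import urlencode

# Placeholder: the real token endpoint URL is not given on this page.
TOKEN_URL = "https://marketplace.example/token"
TOKEN_LIFETIME = 3 * 60 * 60  # the page states tokens are renewed every 3 hours
SAFETY_MARGIN = 60            # assumption: refresh one minute before expiry


class TokenError(Exception):
    """Raised when the authorization server rejects the token request."""


class AdminTokenCache:
    def __init__(self, post, client_id, client_secret, clock=time.monotonic):
        # post(url, body) -> (status_code, parsed_json) is a hypothetical
        # transport hook; plug in your HTTPS client of choice.
        self._post, self._clock = post, clock
        self._id, self._secret = client_id, client_secret
        self._token, self._expires_at = None, 0.0

    @classmethod
    def from_env(cls, post):
        # Keep the Client Secret out of source control: read it from the
        # environment (variable names are assumptions for this example).
        return cls(post, os.environ["ARCADIER_CLIENT_ID"],
                   os.environ["ARCADIER_CLIENT_SECRET"])

    def _fetch(self):
        # Same four parameters as the sample request body in Step 2.
        body = urlencode({"client_id": self._id, "client_secret": self._secret,
                          "grant_type": "client_credentials", "scope": "admin"})
        status, payload = self._post(TOKEN_URL, body)
        if status != 200 or "access_token" not in payload:
            # Report the status only; the request body holds the secret.
            raise TokenError(f"token request failed with HTTP {status}")
        self._token = payload["access_token"]
        self._expires_at = self._clock() + TOKEN_LIFETIME - SAFETY_MARGIN

    def auth_header(self, force_refresh=False):
        # Pass force_refresh=True after an API call comes back 401.
        if force_refresh or self._token is None or self._clock() >= self._expires_at:
            self._fetch()
        return {"Authorization": f"Bearer {self._token}"}
```

Call `auth_header()` before every Marketplace API request; the token endpoint is only contacted when the cached token is missing, close to expiry, or explicitly refreshed.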

How do you generate the access token for Merchant and Consumer

To obtain a Merchant or Consumer access token, those users have to log in to the Arcadier Marketplace using the Arcadier login page provided. To learn more, refer to flows 4 and 5 in the onboarding section.
