🖇️REST API Access Token

Learn how to get an access token.

Access token is required to make an i'mport REST API request.

To get access to private resources, such as payment information, you must obtain an access token and include it in the i'mport REST API request.

Get an access token

Request access token from server-side

If you request for access token from the client-side, the REST API Key and REST API Secret are exposed to public creating a potential security vulnerability. Therefore, you must request for access token from the server-side.

STEP 01. Request access code

Use theREST API Key and REST API Secret obtained from the Admin console and call the REST API (POST https://api.iamport.kr/users/getToken) to get an access token as follows:

server-side

  curl -H "Content-Type: application/json" POST -d '{"imp_key": "REST API key", "imp_secret":"REST API Secret"}' https://api.iamport.kr/users/getToken

server-side

// Request access token
  axios({
    url: "https://api.iamport.kr/users/getToken",
    // POST method
    method: "post", 
    // "Content-Type": "application/json"
    headers: { "Content-Type": "application/json" }, 
    data: {
      // REST API key
      imp_key: "imp_apikey", 
      // REST API Secret
      imp_secret: "ekKoeW8RyKuT0zgaZsUtXXTLQ4AhPFW3ZGseDA6bkA5lamv9OqDMnxyeB9wqOsuO9W3Mx9YSJ4dTqJ3f" 
    }
  });

import requests
import json

def getTokenApi(path):
    API_HOST = "https://api.iamport.kr"
    url = API_HOST + path

    headers = {'Content-Type': 'application/json', 'charset': 'UTF-8', 'Accept': '*/*'}
    body = {
        "imp_key": "", # REST API Key
        "imp_secret": "" # REST API Secret
    }
    try:
        response = requests.post(url, headers=headers, data=json.dumps(body, ensure_ascii=False, indent="\t"))
        return response
    except Exception as ex:

res=getTokenApi("/users/getToken")  # API call
json_object=json.loads(res.text)    # Convert to JSON object
TokenVal = json_object['response']['access_token'] # Parse the token

print(TokenVal)

STEP 02. Get access token

Get the access token from the response as follows:

Response

{
    "code": 0,
    "message": null,
    "response":{
      "access_token": "a9ace025c90c0da2161075da6ddd3492a2fca776", // access token
      "now": 1512446940, // i'mport REST API server's timestamp
      "expired_at": 1512448740, // token's expiration (UNIX timestamp, KST)
    },
  }

Standard NTP Server

The i'mport REST API server synchronizes with the standard time using Google Public NTP.

STEP 03. Using access token

You can use the access token to make an i'mport REST API call. Since i'mport REST APIs use the Bearer authentication method, the HTTP request header includes the access token in the following format:

Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776

Call the REST API to get the payment details by including the access token in the request header as follows:

server-side

curl -H "Content-Type: application/json" -H "Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776" https://api.iamport.kr/payments/imp_448280090638

server-side

axios({
    url: "https://api.iamport.kr/payments/imp_448280090638",
    method: "get", // GET method
    headers: {
      // "Content-Type": "application/json"
      "Content-Type": "application/json", 
      // Reissuing and Reusing Access Token
ssued access token
      "Authorization": "Bearer a9ace025c90c0da2161075da6ddd3492a2fca776" 
    }
  });

Reissuing and Reusing Access Token

The expiration of the access token is 30 minutes from the time of issuance. A token cannot be used after its expiration. An API call request with an expired token returns a 401 Unauthorized response.

Reissuance (after expiration): A new access token is issued. (Expiration: 30 minutes after issuance)
Reuse (before expiration): Existing access token is reused. (Expiration: same as before, but extended by 5 minutes if requested within 1 minute from the original expiration)

5 minute extension of expiration

The reuse and 5 minute lifetime extension of access token are provided for the following situations:

Multiple web servers of a single merchant are competing to call the REST API (/users/getToken) at the same time.
Multiple web servers of a single merchant are not synchronized in time.

Previousi'mport API overview NextPayment API

Last updated 2 years ago

// Request access token axios({ url: "https://api.iamport.kr/users/getToken", // POST method method: "post", // "Content-Type": "application/json" headers: { "Content-Type": "application/json" }, data: { // REST API key imp_key: "imp_apikey", // REST API Secret imp_secret: "ekKoeW8RyKuT0zgaZsUtXXTLQ4AhPFW3ZGseDA6bkA5lamv9OqDMnxyeB9wqOsuO9W3Mx9YSJ4dTqJ3f" } });

import requests import json def getTokenApi(path): API_HOST = "https://api.iamport.kr" url = API_HOST + path headers = {'Content-Type': 'application/json', 'charset': 'UTF-8', 'Accept': '*/*'} body = { "imp_key": "", # REST API Key "imp_secret": "" # REST API Secret } try: response = requests.post(url, headers=headers, data=json.dumps(body, ensure_ascii=False, indent="\t")) return response except Exception as ex: res=getTokenApi("/users/getToken") # API call json_object=json.loads(res.text) # Convert to JSON object TokenVal = json_object['response']['access_token'] # Parse the token print(TokenVal)

{ "code": 0, "message": null, "response":{ "access_token": "a9ace025c90c0da2161075da6ddd3492a2fca776", // access token "now": 1512446940, // i'mport REST API server's timestamp "expired_at": 1512448740, // token's expiration (UNIX timestamp, KST) }, }

axios({ url: "https://api.iamport.kr/payments/imp_448280090638", method: "get", // GET method headers: { // "Content-Type": "application/json" "Content-Type": "application/json", // Reissuing and Reusing Access Token ssued access token "Authorization": "Bearer a9ace025c90c0da2161075da6ddd3492a2fca776" } });