🖇️REST API Access Token
Learn how to get an access token.
Last updated
Learn how to get an access token.
Last updated
To get access to private resources, such as payment information, you must obtain an access token and include it in the i'mport REST API request.
Request access token from server-side
If you request for access token from the client-side, the REST API Key
and
REST API Secret
are exposed to public creating a potential security vulnerability. Therefore, you must request for access token from the server-side.
Use theREST API Key
and REST API Secret
obtained from the Admin console and call the REST API (POST https://api.iamport.kr/users/getToken) to get an access token as follows:
Get the access token from the response as follows:
Standard NTP Server
The i'mport REST API server synchronizes with the standard time using Google Public NTP.
You can use the access token to make an i'mport REST API call. Since i'mport REST APIs use the Bearer authentication method, the HTTP request header includes the access token in the following format:
Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776
Call the REST API to get the payment details by including the access token in the request header as follows:
The expiration of the access token is 30 minutes from the time of issuance. A token cannot be used after its expiration. An API call request with an expired token returns a 401 Unauthorized
response.
Reissuance (after expiration): A new access token is issued. (Expiration: 30 minutes after issuance)
Reuse (before expiration): Existing access token is reused. (Expiration: same as before, but extended by 5 minutes if requested within 1 minute from the original expiration)
5 minute extension of expiration
The reuse and 5 minute lifetime extension of access token are provided for the following situations:
Multiple web servers of a single merchant are competing to call the REST API (/users/getToken
) at the same time.
Multiple web servers of a single merchant are not synchronized in time.