LogoLogo
  • 🧩i'mport Payment Integration Docs
    • 🚗GET STARTED
  • 🛫Setup
    • 🖥️1. Create an account
    • 🧷2. Set up PG
      • 🏢Payment gateway settings
        • ⌨️NHN KCP
        • ⌨️KG INICIS
        • ⌨️NICE Payments
        • ⌨️Toss Payments
        • ⌨️KICC
        • ⌨️Paymentwall
        • ⌨️Daou
        • ⌨️다날 설정
        • ⌨️JTNET 설정
        • ⌨️세틀뱅크 설정
        • ⌨️KG모빌리언스 설정
        • ⌨️스마트로 설정
        • ⌨️페이팔 설정
        • ⌨️엑심베이 설정
        • ⌨️블루월넛 설정
      • ⛺간편 결제사
        • ⌨️카카오페이 설정
        • ⌨️토스간편결제 설정
        • ⌨️네이버페이(결제형) 설정
        • ⌨️페이코 설정
        • ⌨️차이 설정
        • ⌨️알리페이 설정
    • ✔️3. Check required info
  • Payment window
    • 🖥️Authenticated payment
      • 📒Definition
      • 🌠1. Add i'mport library
      • 💡2. Initialize IMP object
      • 🪧3. Request payment
      • 🎁4. Process payment result
        • 🪟Iframe method
        • 🖼️Redirect method
      • 🔦5. Verify payment information
      • 🛬6. Complete payment
    • ⏰Non-authenticated payment
      • 🏍️Request billing key payment
        • 🖱️REST API
        • 🛡️PG window
      • 💳Key-in payment using card info
      • 🪧Subscription payment using billing key
    • 💸Payment cancellation (refund)
      • 💷Virtual account refund
  • Payment result
    • ⚒️Set up a webhook
  • Other Services
    • 📱Mobile identity verification
      • 📔1. Prepare for verification
      • 🥏2. Request verification
      • 🚚3. Send verification result
      • 🤹4. Get verification info
    • 🚚Integrated identity verification
      • 📒Prepare for verification
      • 🥏Request verification
      • 🚚Send verification result
      • 🤹Get verification info
    • 💳Credit card identity verification
      • 📒1. Prepare for verification
      • 🥏2. Request verification
      • 🚚3. Send verification result
      • 🤹4. Get verification info
    • 💻Generate payment URL
    • 🛩️Integrate budget handler
    • 📟Native mobile SDKs
  • TIPS
    • 🌽Tax exemption on payments
    • ✅Service launch checklist
    • 🔏Confirm Process
    • 🎼i'mport payment flow
    • 🎈Agency & Tier
    • 📦Billing key issuance by PG
    • 🏦Bank codes by PG
    • 🧾PG codes
    • 🚚Courier codes
    • 🪧What is redirection?
    • 📰PG error codes
  • Admin console
    • 🎡Admin console guide
      • Apply for online payment
      • My ID & API keys
      • Manage admin & sub-merchant accounts
      • Integrate payment
      • Payment activity
    • 💻Integrating Multiple PGs
  • API
    • 📋i'mport API overview
    • 🖇️REST API Access Token
    • 💳Payment API
      • ⌨️Cancel payment API
      • ⌨️Get payment API
      • ⌨️Get payments API
      • ⌨️Get payments by status API
      • ⌨️Get payments by order ID, status (All)
      • ⌨️Get payments by order ID, status (Top 1)
      • ⌨️Get balance API (for split payment transaction)
      • ⌨️Get payments by billing key API
      • ⌨️Save payment amount API
      • ⌨️Update payment amount API
      • ⌨️Get payment amount API
    • 📝Billing key API
      • ⌨️Request billing key API
      • ⌨️Delete billing key API
      • ⌨️Get billing key API
      • ⌨️Get billing keys API
      • ⌨️Get scheduled payments API
    • 🧭Subscription payment API
      • ⌨️Schedule payment API
      • ⌨️Cancel scheduled payment API
      • ⌨️Get scheduled payments API
      • ⌨️Get scheduled payment API
      • ⌨️Get scheduled payments by billing key API
    • 🪂Non-authenticated payment API
      • ⌨️Request non-authenticated payment (billing key) API
      • ⌨️Request non-authenticated payment (one-time) API
    • 🇺🇲🇺🇲 Overseas PG API
      • ⌨️Paymentwall delivery API
    • 👮‍♂️👮♂ Identity verification API
      • ⌨️Get identity verification result API
      • ⌨️Delete identity verification API
      • ⌨️Request identity verification API
      • ⌨️Confirm identity verification API
    • 🎫Simple payment service API
      • 🧽Kakao Pay
        • ⌨️Get order API
      • 🛩️KCP Quick Pay
        • ⌨️Delete user API
      • 🧰PAYCO
        • ⌨️Update order status API
      • 📗Naver Pay
        • ⌨️Confirm escrow order API
        • ⌨️Accrue points API
        • ⌨️Get cash receipt amount API
    • 🏦Escrow API
      • ⌨️Get delivery info API
      • ⌨️Add delivery info API
      • ⌨️Update delivery info API
    • 💵Cash receipt API
      • ⌨️Cancel cash receipt transaction API
      • ⌨️Get cash receipt API
      • ⌨️Request cash receipt API
      • ⌨️Cancel cash receipt (external) API
      • ⌨️Get cash receipt (external) API
      • ⌨️Request cash receipt (external) API
    • 🏛️Virtual account API
      • ⌨️Request virtual account API
      • ⌨️Cancel virtual account API
      • ⌨️Update virtual account API
      • ⌨️Get account holder API
    • 🍶Miscellaneous API
      • 🎽Benepia point
        • ⌨️Get points API
        • ⌨️Request point payment API
      • 🏪Convenience store payment
        • ⌨️Request barcode API
        • ⌨️Cancel barcode API
      • 🗃️Financial institution codes
        • ⌨️Get credit card codes (All) API
        • ⌨️Get credit card name API
        • ⌨️Get bank codes (All) API
        • ⌨️Get bank name API
      • 🛖PG information
        • ⌨️Get PG MIDs API
  • SDK
    • 📚Javascript SDK
      • 💿Payment request parameters
      • 📀Payment response parameters
      • 💿Identity verification request parameters
      • 📀Identity verification response parameters
      • ✏️SDK Release Notes
  • FAQ
    • ⁉️FAQ
  • 🔑Payment integration by PG
    • 🏢Payment gateways
      • ⌨️NHH KCP
      • ⌨️KG INICIS
      • ⌨️Toss Payments
      • ⌨️NICE Payments
      • ⌨️KICC
      • ⌨️Daou (PAYJOA)
        • 📍Precautions for using PAYJOA
      • ⌨️KG Mobilians
      • ⌨️Paymentwall
      • ⌨️Danal
      • ⌨️Settlebank
      • ⌨️JTNET
      • ⌨️Smartro
      • ⌨️PayPal
      • ⌨️Eximbay
      • ⌨️Blue Walnut
    • ⛺Simple payments
      • ⌨️Naver Pay (Standard)
      • ⌨️Kakao Pay
      • ⌨️PAYCO
      • ⌨️Alipay
      • ⌨️Toss
  • Korean Integration Docs
Powered by GitBook
On this page
  • Access token is required to make an i'mport REST API request.
  • Get an access token
  • STEP 01. Request access code
  • STEP 02. Get access token
  • STEP 03. Using access token
  • Reissuing and Reusing Access Token
  1. API

REST API Access Token

Learn how to get an access token.

Previousi'mport API overviewNextPayment API

Last updated 2 years ago

Access token is required to make an i'mport REST API request.

To get access to private resources, such as payment information, you must obtain an access token and include it in the i'mport REST API request.

Get an access token

Request access token from server-side

If you request for access token from the client-side, the REST API Key and REST API Secret are exposed to public creating a potential security vulnerability. Therefore, you must request for access token from the server-side.

STEP 01. Request access code

Use theREST API Key and REST API Secret obtained from the Admin console and call the REST API () to get an access token as follows:

server-side
  curl -H "Content-Type: application/json" POST -d '{"imp_key": "REST API key", "imp_secret":"REST API Secret"}' https://api.iamport.kr/users/getToken
server-side
// Request access token
  axios({
    url: "https://api.iamport.kr/users/getToken",
    // POST method
    method: "post", 
    // "Content-Type": "application/json"
    headers: { "Content-Type": "application/json" }, 
    data: {
      // REST API key
      imp_key: "imp_apikey", 
      // REST API Secret
      imp_secret: "ekKoeW8RyKuT0zgaZsUtXXTLQ4AhPFW3ZGseDA6bkA5lamv9OqDMnxyeB9wqOsuO9W3Mx9YSJ4dTqJ3f" 
    }
  });
import requests
import json

def getTokenApi(path):
    API_HOST = "https://api.iamport.kr"
    url = API_HOST + path

    headers = {'Content-Type': 'application/json', 'charset': 'UTF-8', 'Accept': '*/*'}
    body = {
        "imp_key": "", # REST API Key
        "imp_secret": "" # REST API Secret
    }
    try:
        response = requests.post(url, headers=headers, data=json.dumps(body, ensure_ascii=False, indent="\t"))
        return response
    except Exception as ex:

res=getTokenApi("/users/getToken")  # API call
json_object=json.loads(res.text)    # Convert to JSON object
TokenVal = json_object['response']['access_token'] # Parse the token

print(TokenVal)

STEP 02. Get access token

Get the access token from the response as follows:

Response
{
    "code": 0,
    "message": null,
    "response":{
      "access_token": "a9ace025c90c0da2161075da6ddd3492a2fca776", // access token
      "now": 1512446940, // i'mport REST API server's timestamp
      "expired_at": 1512448740, // token's expiration (UNIX timestamp, KST)
    },
  }

Standard NTP Server

The i'mport REST API server synchronizes with the standard time using Google Public NTP.

STEP 03. Using access token

You can use the access token to make an i'mport REST API call. Since i'mport REST APIs use the Bearer authentication method, the HTTP request header includes the access token in the following format:

Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776

Call the REST API to get the payment details by including the access token in the request header as follows:

server-side
curl -H "Content-Type: application/json" -H "Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776" https://api.iamport.kr/payments/imp_448280090638
server-side
axios({
    url: "https://api.iamport.kr/payments/imp_448280090638",
    method: "get", // GET method
    headers: {
      // "Content-Type": "application/json"
      "Content-Type": "application/json", 
      // Reissuing and Reusing Access Token
ssued access token
      "Authorization": "Bearer a9ace025c90c0da2161075da6ddd3492a2fca776" 
    }
  });

Reissuing and Reusing Access Token

The expiration of the access token is 30 minutes from the time of issuance. A token cannot be used after its expiration. An API call request with an expired token returns a 401 Unauthorized response.

  • Reissuance (after expiration): A new access token is issued. (Expiration: 30 minutes after issuance)

  • Reuse (before expiration): Existing access token is reused. (Expiration: same as before, but extended by 5 minutes if requested within 1 minute from the original expiration)

5 minute extension of expiration

The reuse and 5 minute lifetime extension of access token are provided for the following situations:

  • Multiple web servers of a single merchant are competing to call the REST API (/users/getToken) at the same time.

  • Multiple web servers of a single merchant are not synchronized in time.

🖇️
POST https://api.iamport.kr/users/getToken
Admin Console > REST API Key & REST API Secret