Request access token from the server-side
REST API key
and REST API Secret
are exposed to public creating a potential security vulnerability. Therefore, you must request for acccess token from the server-side.
REST API Key
and REST API Secret
obtained from the Admin Console. curl -H "Content-Type: application/json" POST -d '{"imp_key": "REST API Key", "imp_secret":"REST API Secret"}' https://api.iamport.kr/users/getToken
{
"code": 0,
"message": null,
"response":{
"access_token": "a9ace025c90c0da2161075da6ddd3492a2fca776", // access token
"now": 1512446940, // i'mport REST API server's timestamp
"expired_at": 1512448740, // token's expiration (UNIX timestamp, KST)
},
}
Standard NTP server
Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776
Call the REST API to get the payment information by including the access token in the request header as follows: curl -H "Content-Type: application/json" -H "Authorization: Bearer a9ace025c90c0da2161075da6ddd3492a2fca776" https://api.iamport.kr/payments/imp_448280090638
401 Unauthorized
response.The following is the policy for reissuance and reuse of access tokens.5 minute extension of expiration
/users/getToken
) at the same time.