Merchant Authentication
Process
Position in business flow: Pre-condition step — required before all APIs. The JWT Token obtained is shared across all subsequent APIs within the session.
- MERCHANT calls the API to obtain a JWT Token.
- Baokim authenticates based on the Merchant integrating directly with Baokim:
- If the Master integrates, authentication uses the Master's information.
- If the Sub integrates, authentication uses the Sub's information.
API Information
Method: POST
URL: /b2b/auth-service/api/oauth/get-token
Request
Main Parameters
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | merchant_code | String(50) | ✅ | Merchant code provided by Baokim |
| 2 | client_id | String(50) | ✅ | Merchant's Client ID provided by Baokim |
| 3 | client_secret | String(50) | ✅ | Merchant's Client Secret provided by Baokim |
Request Example
{
"merchant_code": "BAOKIMMRC",
"client_id": "BAOKIMMRC",
"client_secret": "iOiJKV1QiLCJhbGciOiJIUzI1NiJ9"
}
Response
Main Parameters
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | code | Number(3) | ✅ | Baokim error code |
| 2 | message | String(200) | ✅ | Baokim error message |
| 3 | data | Object | ✅ | Data returned by Baokim |
Data Information
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | access_token | String | ✅ | JWT Token string |
| 2 | token_type | String | ✅ | Token type |
| 3 | expires_at | DateTime | ✅ | Token expiration time |
Response Example
{
"code": 100,
"message": "Successfully",
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkyOTIvYXBpL2IyYl9hdXRoL2xvZ2luIiwiaWF0IjoxNzA2MDgwODU1...",
"token_type": "bearer",
"expires_at": "2025-10-30 14:41:00"
}
}
Error Codes
| Error Code | Description |
|---|---|
| 100 | Successfully |
| 101 | Baokim system error |
| 104 | OAuth authentication error |
| 105 | Signature verification error |
| 422 | Parameter validation error |