Skip to main content

Merchant Authentication

Process

  • MERCHANT calls API to retrieve JWT Token. This token is shared across all Baokim B2B services (VA, QRPay/QRGlobal...).
  • Token has a short expiration period — implement logic to automatically refresh when expired.

API Information

Method: POST

URL: /b2b/auth-service/api/oauth/get-token

Request

Request Parameters

#Field NameData TypeRequiredDescription
1merchant_codeString(50)Merchant code provided by Baokim
2client_idString(50)Merchant's Client ID provided by Baokim
3client_secretString(50)Merchant's Client Secret provided by Baokim

Request Example

{
"merchant_code": "BAOKIMMRC",
"client_id": "BAOKIMMRC",
"client_secret": "iOiJKV1QiLCJhbGciOiJIUzI1NiJ9"
}

Response

Response Parameters

#Field NameData TypeRequiredDescription
1codeNumber(3)Baokim error code
2messageString(200)Baokim error message
3dataObjectResponse data from Baokim

Data Information

#Field NameData TypeRequiredDescription
1access_tokenStringJWT Token string
2token_typeStringToken type
3expires_atDateTimeToken expiration time

Response Example

{
"code": 100,
"message": "Successfully",
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkyOTIvYXBpL2IyYl9hdXRoL2xvZ2luIiwiaWF0IjoxNzA2MDgwODU1...",
"token_type": "bearer",
"expires_at": "2026-06-30 14:41:00"
}
}

Error Codes

Error CodeDescription
100Successfully
11Failed
101Baokim system error
103Signature verification error
104JWT authentication error
422Invalid data (wrong format, missing required fields)