Create Access Token

Overview

The createAccessToken method generates a short-lived authentication token for accessing payment processor APIs. Use this for temporary, secure access without exposing long-lived credentials.

Business Use Case: Your frontend needs to initialize a payment widget. Generate a temporary token with limited scope and short expiry for client-side use.

Purpose

Scenario

Benefit

Frontend SDKs

Secure client-side initialization

Delegated access

Scoped tokens for third parties

Session-based auth

Time-limited access

Request Fields

Field

Type

Required

Description

scope

string

Token scope (e.g., "payment:write")

expiresIn

number

Token lifetime in seconds (default: 3600)

Response Fields

Field

Type

Description

accessToken

string

The token string to use in API calls

tokenType

string

Bearer

expiresIn

number

Seconds until expiry

expiresAt

string

ISO 8601 expiry timestamp

statusCode

number

HTTP status code

Example

SDK Setup

const { MerchantAuthenticationClient } = require('hyperswitch-prism');

const authClient = new MerchantAuthenticationClient({
    connector: 'stripe',
    apiKey: 'YOUR_API_KEY',
    environment: 'SANDBOX'
});

Request

const request = {
    scope: "payment:write",
    expiresIn: 3600
};

const response = await authClient.createAccessToken(request);

Response

{
    accessToken: "sk_test_xxx",
    tokenType: "Bearer",
    expiresIn: 3600,
    expiresAt: "2024-01-15T11:30:00Z",
    statusCode: 200
}

Security Best Practices

Use short expiry times (1 hour or less)
Transmit only over HTTPS
Never store tokens client-side long-term
Implement token refresh logic

Next Steps

createSessionToken - Create session tokens for multi-step flows
Payment Service - Use tokens for payment operations

Last updated 26 minutes ago

Was this helpful?

hashtagOverview

hashtagPurpose

hashtagRequest Fields

hashtagResponse Fields

hashtagExample

hashtagSDK Setup

hashtagRequest

hashtagResponse

hashtagSecurity Best Practices

hashtagNext Steps

Overview

Purpose

Request Fields

Response Fields

Example

SDK Setup

Request

Response

Security Best Practices

Next Steps