CODEWITHSUNDEEP
pythonoauth-2.0http-status-code-401razorpay
Ravikirubakaran S
Ravikirubakaran S

Reputation: 9

Razorpay OAuth API Call Fails with "401 Access Denied"

I am trying to integrate Razorpay OAuth to exchange an authorization_code for tokens. Following the Razorpay documentation, I made the following API call:

-H "Content-type: application/json" \
-d '{
  "client_id": "<YOUR_CLIENT_ID>",
  "client_secret": "<YOUR_CLIENT_SECRET>",
  "grant_type": "authorization_code",
  "redirect_uri": "http://example.com/razorpay_callback",
  "code": "def50200d844dc80cc44dce2c665d07a374d76802",
  "mode": "test"
}'

I substituted <YOUR_CLIENT_ID> with the Key ID and <YOUR_CLIENT_SECRET> with the Key Secret generated under Settings > API Key in Razorpay's dashboard. However, the request always returns:

{
  "error": {
    "description": "Access denied"
  }
}

Python Code for API Call: Here's how I implemented the API call in Python:

def fetch_razorpay_token(authorization_code, redirect_uri=None):
    import requests
    import urllib.parse

    url = "https://auth.razorpay.com/token"
    static_redirect_uri = "http://localhost:3000/payment"
    decoded_authorization_code = urllib.parse.unquote(authorization_code)

    payload = {
        "client_id": "<MY_CLIENT_ID>",
        "client_secret": "<MY_CLIENT_SECRET>",
        "grant_type": "authorization_code",
        "redirect_uri": static_redirect_uri,
        "code": decoded_authorization_code,
        "mode": "test",
    }
    headers = {"Content-type": "application/json"}
    response = requests.post(url, json=payload, headers=headers)
    
    if response.status_code == 200:
        return response.json()
    else:
        print("Failed:", response.status_code, response.text)
        return None

Observations:

  1. The authorization_code and redirect_uri are dynamically passed.
  2. The client credentials are set correctly as per Razorpay documentation.
  3. I receive a 401 Access Denied response every time.

Questions:

  1. Is using the Key ID as the client_id and the Key Secret as the client_secret correct?
  2. Does the redirect_uri in the token request need to exactly match the one used during the authorization code generation?
  3. Are there any other settings or configurations I might be missing in Razorpay's dashboard?

Upvotes: 0

Views: 28

Answers (0)

Related Questions