> ## Documentation Index
> Fetch the complete documentation index at: https://docs.revolv3.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Get Merchant Access Token
> Generates an **access token** used to authenticate API requests on behalf of a specific merchant.
This endpoint is typically called as part of the login or credential exchange process and requires valid client credentials (Merchant Client ID, Developer API Key), which can be generated in the Merchant Settings Profile page.
The returned token should be included in the `Authorization` header of subsequent requests to secure endpoints.
Access tokens are time-limited and may need to be refreshed once a year.
Related Links:
## OpenAPI
````yaml /api-reference/swagger.json post /api/Authentication/token
openapi: 3.0.4
info:
title: Revolv3 OpenApi Spec
description: Spec for Revolv3
version: 1.29.1
servers:
- url: 'https://api-sandbox.revolv3.com '
security: []
paths:
/api/Authentication/token:
post:
tags:
- Authentication
summary: Get Merchant Access Token
description: "Generates an **access token** used to authenticate API requests on behalf of a specific merchant.\r\nThis endpoint is typically called as part of the login or credential exchange process and requires valid client credentials (Merchant Client ID, Developer API Key), which can be generated in the Merchant Settings Profile page. \r\nThe returned token should be included in the `Authorization` header of subsequent requests to secure endpoints.\r\nAccess tokens are time-limited and may need to be refreshed once a year.\r\n\r\nRelated Links:\r\n"
operationId: GetToken
requestBody:
content:
application/json-patch+json:
schema:
$ref: '#/components/schemas/GetAzureAdTokenRequestDto'
example:
clientId: clientIdentifier
clientSecret: clientSecret
application/json:
schema:
$ref: '#/components/schemas/GetAzureAdTokenRequestDto'
example:
clientId: clientIdentifier
clientSecret: clientSecret
text/json:
schema:
$ref: '#/components/schemas/GetAzureAdTokenRequestDto'
example:
clientId: clientIdentifier
clientSecret: clientSecret
application/*+json:
schema:
$ref: '#/components/schemas/GetAzureAdTokenRequestDto'
example:
clientId: clientIdentifier
clientSecret: clientSecret
responses:
'200':
description: >-
The credentials provided were valid, and a new access token has been
successfully obtained.
content:
text/plain:
schema:
$ref: '#/components/schemas/GetAzureAdTokenSuccessResponseDTO'
example:
token_type: Bearer
expires_in: 3599
ext_expires_in: 3599
access_token: >-
thisisagianttokenhash1NiIsImtpZCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlthisisagianttokenhashTQ0MTMiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vZjAyMzQ1MDEtMjdkZC00NTY1LWI1NDUtNDBlZDFmZjNjZDU1L3YyLjAiLCJpYXQiOjE1OTEyODthisisagianttokenhashhwIjoxNTkxMjkzODYzLCJhaW8iOiI0MmRnWURBTDhGTU5iNUgwOGF4thisisagianttokenhashYmExN2VkLTExMGMtNDVmthisisagianttokenhashmF6cGFjciI6IjEiLCJ0aWQiOiJmMDIzNDUwMS0yN2RkLTQ1NjUtYjU0NS00MGVkMWZmM2NkNTUiLCJ1dGkiOiJWOEhIbXVfZ1RVZUZQQ0pKNF91b0FBIiwidmVyIjoiMi4wIn0.rrQVOMQ2M3xhBeA96fOeidrghJep_DEC0-y-WTlsZu37rO18FgTBAp-tNeMasrLZlEcP6O2Ij8OqxY8yqxmIaPoaXpH9f8DN6nkthisisagianttokenhashlCDGp6zUdEb0XDA2-JXbSbs918g9DPBjuTDio1-Cithisisagianttokenhash8C4-H1XZfRN4Z7IMthisisagianttokenhashxp8lqK66NrXI2RtihtBs6gI3GKpfhok-H6_NvUaQQthisisagianttokenhashOHlKrKQ6D2fUIcXg
isExpired: false
expirationTime: '2026-06-22T12:01:17.348976Z'
application/json:
schema:
$ref: '#/components/schemas/GetAzureAdTokenSuccessResponseDTO'
example:
token_type: Bearer
expires_in: 3599
ext_expires_in: 3599
access_token: >-
thisisagianttokenhash1NiIsImtpZCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlthisisagianttokenhashTQ0MTMiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vZjAyMzQ1MDEtMjdkZC00NTY1LWI1NDUtNDBlZDFmZjNjZDU1L3YyLjAiLCJpYXQiOjE1OTEyODthisisagianttokenhashhwIjoxNTkxMjkzODYzLCJhaW8iOiI0MmRnWURBTDhGTU5iNUgwOGF4thisisagianttokenhashYmExN2VkLTExMGMtNDVmthisisagianttokenhashmF6cGFjciI6IjEiLCJ0aWQiOiJmMDIzNDUwMS0yN2RkLTQ1NjUtYjU0NS00MGVkMWZmM2NkNTUiLCJ1dGkiOiJWOEhIbXVfZ1RVZUZQQ0pKNF91b0FBIiwidmVyIjoiMi4wIn0.rrQVOMQ2M3xhBeA96fOeidrghJep_DEC0-y-WTlsZu37rO18FgTBAp-tNeMasrLZlEcP6O2Ij8OqxY8yqxmIaPoaXpH9f8DN6nkthisisagianttokenhashlCDGp6zUdEb0XDA2-JXbSbs918g9DPBjuTDio1-Cithisisagianttokenhash8C4-H1XZfRN4Z7IMthisisagianttokenhashxp8lqK66NrXI2RtihtBs6gI3GKpfhok-H6_NvUaQQthisisagianttokenhashOHlKrKQ6D2fUIcXg
isExpired: false
expirationTime: '2026-06-22T12:01:17.348976Z'
text/json:
schema:
$ref: '#/components/schemas/GetAzureAdTokenSuccessResponseDTO'
example:
token_type: Bearer
expires_in: 3599
ext_expires_in: 3599
access_token: >-
thisisagianttokenhash1NiIsImtpZCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlthisisagianttokenhashTQ0MTMiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vZjAyMzQ1MDEtMjdkZC00NTY1LWI1NDUtNDBlZDFmZjNjZDU1L3YyLjAiLCJpYXQiOjE1OTEyODthisisagianttokenhashhwIjoxNTkxMjkzODYzLCJhaW8iOiI0MmRnWURBTDhGTU5iNUgwOGF4thisisagianttokenhashYmExN2VkLTExMGMtNDVmthisisagianttokenhashmF6cGFjciI6IjEiLCJ0aWQiOiJmMDIzNDUwMS0yN2RkLTQ1NjUtYjU0NS00MGVkMWZmM2NkNTUiLCJ1dGkiOiJWOEhIbXVfZ1RVZUZQQ0pKNF91b0FBIiwidmVyIjoiMi4wIn0.rrQVOMQ2M3xhBeA96fOeidrghJep_DEC0-y-WTlsZu37rO18FgTBAp-tNeMasrLZlEcP6O2Ij8OqxY8yqxmIaPoaXpH9f8DN6nkthisisagianttokenhashlCDGp6zUdEb0XDA2-JXbSbs918g9DPBjuTDio1-Cithisisagianttokenhash8C4-H1XZfRN4Z7IMthisisagianttokenhashxp8lqK66NrXI2RtihtBs6gI3GKpfhok-H6_NvUaQQthisisagianttokenhashOHlKrKQ6D2fUIcXg
isExpired: false
expirationTime: '2026-06-22T12:01:17.348976Z'
'400':
description: >-
One or more fields in the request were not submitted or didn't pass
validation. Please review the request body and parameters against
the required schema.
content:
text/plain:
schema:
$ref: '#/components/schemas/StatusMessageResponse'
examples:
An error during request execution:
value:
message: Unable to perform the request action with provided data.
Validation error:
value:
message: One or more validation failed.
errors:
- The field is required.
fluentValidatorErrors:
- propertyName: PropertyName
errorMessage: The field is required
attemptedValue: null
customState: null
severity: Error
errorCode: null
formattedMessagePlaceholderValues: null
application/json:
schema:
$ref: '#/components/schemas/StatusMessageResponse'
examples:
An error during request execution:
value:
message: Unable to perform the request action with provided data.
Validation error:
value:
message: One or more validation failed.
errors:
- The field is required.
fluentValidatorErrors:
- propertyName: PropertyName
errorMessage: The field is required
attemptedValue: null
customState: null
severity: Error
errorCode: null
formattedMessagePlaceholderValues: null
text/json:
schema:
$ref: '#/components/schemas/StatusMessageResponse'
examples:
An error during request execution:
value:
message: Unable to perform the request action with provided data.
Validation error:
value:
message: One or more validation failed.
errors:
- The field is required.
fluentValidatorErrors:
- propertyName: PropertyName
errorMessage: The field is required
attemptedValue: null
customState: null
severity: Error
errorCode: null
formattedMessagePlaceholderValues: null
'401':
description: >-
The provided credentials are either missing or invalid, or the
AzureAD token could not obtained.
content:
text/plain:
schema:
$ref: '#/components/schemas/StatusMessageResponse'
example:
message: Unable to retrieve AzureAD token
application/json:
schema:
$ref: '#/components/schemas/StatusMessageResponse'
example:
message: Unable to retrieve AzureAD token
text/json:
schema:
$ref: '#/components/schemas/StatusMessageResponse'
example:
message: Unable to retrieve AzureAD token
components:
schemas:
GetAzureAdTokenRequestDto:
required:
- clientId
- clientSecret
type: object
properties:
clientId:
maxLength: 500
minLength: 1
type: string
description: The client unique merchant identifier for authentication.
clientSecret:
maxLength: 500
minLength: 1
type: string
description: The merchant's secret used to verify their identity.
additionalProperties: false
GetAzureAdTokenSuccessResponseDTO:
type: object
properties:
token_type:
type: string
description: The token type, returns only Bearer.
expires_in:
type: integer
description: The remaining lifetime of the access token in seconds.
format: int32
ext_expires_in:
type: integer
description: The remaining lifetime of the access token in seconds.
format: int32
access_token:
type: string
description: JWT token that must be included in the Authorization header.
isExpired:
type: boolean
description: Whether the token expired or not.
readOnly: true
expirationTime:
type: string
description: >-
A timestamp expressed in UTC, indicating the exact moment the access
token will expire.
format: YYYY-MM-DDThh:mm:ss
additionalProperties: false
StatusMessageResponse:
type: object
properties:
message:
type: string
nullable: true
errors:
type: array
items:
type: string
nullable: true
fluentValidatorErrors:
type: array
items:
$ref: '#/components/schemas/ValidationFailure'
nullable: true
additionalProperties: false
ValidationFailure:
type: object
properties:
propertyName:
type: string
nullable: true
errorMessage:
type: string
nullable: true
attemptedValue:
nullable: true
customState:
nullable: true
severity:
$ref: '#/components/schemas/Severity'
errorCode:
type: string
nullable: true
formattedMessagePlaceholderValues:
type: object
additionalProperties:
nullable: true
nullable: true
additionalProperties: false
Severity:
enum:
- Error
- Warning
- Info
type: string
````