# Login

### User Authentication and Authorization Initialization

## POST /in-store/oauth2/authorize

> This service starts the authorization step and generates an "auth code".\
> \
> Flow:\
> 1\) A request is sent to this service with a form-urlencoded body.\
> 2\) The "code" value in the response is received.\
> 3\) The received "code" value is used in the "Get Token with Auth Code" service to generate a token.

```json
{"openapi":"3.0.3","info":{"title":"Terminal API – Outside Flow","version":"1.0.3"},"tags":[{"name":"OAuth"}],"servers":[{"url":"https://api.iyzipay.com"},{"url":"https://sandbox-api.iyzipay.com"}],"paths":{"/in-store/oauth2/authorize":{"post":{"tags":["OAuth"],"description":"This service starts the authorization step and generates an \"auth code\".\n\nFlow:\n1) A request is sent to this service with a form-urlencoded body.\n2) The \"code\" value in the response is received.\n3) The received \"code\" value is used in the \"Get Token with Auth Code\" service to generate a token.\n","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"$ref":"#/components/schemas/OAuthAuthorizeRequest"}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthAuthorizeResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthAuthorizeErrorResponse"}}}}}}}},"components":{"schemas":{"OAuthAuthorizeRequest":{"type":"object","required":["scope","client_id","client_secret","response_type","username","password","request_timestamp"],"properties":{"scope":{"type":"string","description":"Default value: iyzipayApiGateway","enum":["iyzipayApiGateway"]},"client_id":{"type":"string","description":"Merchant-specific client_id value provided by iyzico."},"client_secret":{"type":"string","description":"Merchant-specific client secret value generated by iyzico."},"response_type":{"type":"string","description":"Default value: code","enum":["code"]},"username":{"type":"string","description":"Username"},"password":{"type":"string","description":"User password"},"request_timestamp":{"type":"string","description":"Unix timestamp value of the relevant request."}}},"OAuthAuthorizeResponse":{"type":"object","properties":{"code":{"type":"string","description":"Auth Code"},"issuedAt":{"type":"string","description":"Transaction date"},"expiredAt":{"type":"string","description":"Transaction validity date"}}},"OAuthAuthorizeErrorResponse":{"type":"object","properties":{"errorCode":{"type":"string","description":"Error Code"},"description":{"type":"string","description":"Error Description"},"uri":{"type":"string","description":"Returned in some cases"}}}}}}
```

### Sample Collection

<table data-view="cards"><thead><tr><th></th></tr></thead><tbody><tr><td><a href="https://www.postman.com/iyzico/iyzico/request/47010871-736de0b5-c39a-4c8e-8c9f-626b4ce8414a">Postman</a></td></tr></tbody></table>

### Get Token with Auth Code / Refresh Token

## POST /in-store/oauth2/token

> This service generates access\_token and refresh\_token using the auth code.\
> \
> Authorization (Basic Auth):\
> \- Username: client\_id\
> \- Password: client\_secret\
> Header format:\
> Authorization: Basic base64(client\_id:client\_secret)\
> \
> Flow (Auth Code):\
> 1\) The "code" returned from /authorize call is retrieved.\
> 2\) It is sent to this service with a form-urlencoded body:\
> &#x20;  \- grant\_type=authorization\_code\
> &#x20;  \- code={authCode}\
> 3\) From the response:\
> &#x20;  \- access\_token: Used as Bearer Token in Terminal Host services.\
> &#x20;  \- refresh\_token: Stored for token renewal.\
> &#x20;  \- expires\_in: access\_token validity period (seconds).

```json
{"openapi":"3.0.3","info":{"title":"Terminal API – Outside Flow","version":"1.0.3"},"tags":[{"name":"OAuth"}],"servers":[{"url":"https://api.iyzipay.com"},{"url":"https://sandbox-api.iyzipay.com"}],"security":[{"BasicAuth":[]}],"components":{"securitySchemes":{"BasicAuth":{"type":"http","scheme":"basic","description":"Authorization with Basic Auth.\nPostman Basic Auth fields:\n- Username: client_id\n- Password: client_secret\n\nHTTP header equivalent:\nAuthorization: Basic base64(client_id:client_secret)\n"}},"schemas":{"OAuthTokenRequestAuthCode":{"type":"object","required":["grant_type","code"],"description":"Generates a JWT token using the Authorization Code. Basic Auth is performed with client_id and client_secret.","properties":{"grant_type":{"type":"string","description":"Transaction type for token generation","enum":["authorization_code","refresh_token"]},"code":{"type":"string","description":"authCode value generated during the authorization step."}}},"OAuthTokenRequestRefresh":{"type":"object","required":["grant_type","refresh_token"],"description":"Generates a JWT token using the Refresh Token. Basic Auth is performed with client_id and client_secret.","properties":{"grant_type":{"type":"string","description":"Transaction type for token generation","enum":["authorization_code","refresh_token"]},"refresh_token":{"type":"string","description":"Refresh token value to be used for token renewal."}}},"OAuthTokenResponse":{"type":"object","properties":{"access_token":{"type":"string","description":"Access Token Value"},"refresh_token":{"type":"string","description":"Refresh Token Value"},"scope":{"type":"string","description":"Default Scope Value","enum":["iyzipayApiGateway"]},"token_type":{"type":"string","description":"Token type used in authorization"},"expires_in":{"type":"integer","format":"int32","description":"Validity period in seconds."}}},"OAuthSimpleError":{"type":"object","properties":{"error":{"type":"string"}}}}},"paths":{"/in-store/oauth2/token":{"post":{"tags":["OAuth"],"description":"This service generates access_token and refresh_token using the auth code.\n\nAuthorization (Basic Auth):\n- Username: client_id\n- Password: client_secret\nHeader format:\nAuthorization: Basic base64(client_id:client_secret)\n\nFlow (Auth Code):\n1) The \"code\" returned from /authorize call is retrieved.\n2) It is sent to this service with a form-urlencoded body:\n   - grant_type=authorization_code\n   - code={authCode}\n3) From the response:\n   - access_token: Used as Bearer Token in Terminal Host services.\n   - refresh_token: Stored for token renewal.\n   - expires_in: access_token validity period (seconds).\n","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"oneOf":[{"$ref":"#/components/schemas/OAuthTokenRequestAuthCode"},{"$ref":"#/components/schemas/OAuthTokenRequestRefresh"}]}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthTokenResponse"}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthSimpleError"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthSimpleError"}}}}}}}}}
```

## Get Token with Refresh Token

> This service generates a new access\_token using the refresh\_token (token renewal).\
> \
> Authorization (Basic Auth):\
> \- Username: client\_id\
> \- Password: client\_secret\
> Header format:\
> Authorization: Basic base64(client\_id:client\_secret)\
> \
> Flow:\
> 1\) The "refresh\_token" received from the previous token call is stored.\
> 2\) It is sent to this service with a form-urlencoded body:\
> &#x20;  \- grant\_type=refresh\_token\
> &#x20;  \- refresh\_token={refresh\_token}\
> 3\) The new access\_token is received from the response and used in Terminal Host services.

```json
{"openapi":"3.0.3","info":{"title":"Terminal API – Outside Flow","version":"1.0.3"},"tags":[{"name":"OAuth"}],"servers":[{"url":"https://api.iyzipay.com"},{"url":"https://sandbox-api.iyzipay.com"}],"security":[{"BasicAuth":[]}],"components":{"securitySchemes":{"BasicAuth":{"type":"http","scheme":"basic","description":"Authorization with Basic Auth.\nPostman Basic Auth fields:\n- Username: client_id\n- Password: client_secret\n\nHTTP header equivalent:\nAuthorization: Basic base64(client_id:client_secret)\n"}},"schemas":{"OAuthTokenRequestRefresh":{"type":"object","required":["grant_type","refresh_token"],"description":"Generates a JWT token using the Refresh Token. Basic Auth is performed with client_id and client_secret.","properties":{"grant_type":{"type":"string","description":"Transaction type for token generation","enum":["authorization_code","refresh_token"]},"refresh_token":{"type":"string","description":"Refresh token value to be used for token renewal."}}},"OAuthTokenResponse":{"type":"object","properties":{"access_token":{"type":"string","description":"Access Token Value"},"refresh_token":{"type":"string","description":"Refresh Token Value"},"scope":{"type":"string","description":"Default Scope Value","enum":["iyzipayApiGateway"]},"token_type":{"type":"string","description":"Token type used in authorization"},"expires_in":{"type":"integer","format":"int32","description":"Validity period in seconds."}}},"OAuthSimpleError":{"type":"object","properties":{"error":{"type":"string"}}}}},"paths":{"/in-store/oauth2/token/refresh":{"post":{"tags":["OAuth"],"summary":"Get Token with Refresh Token","description":"This service generates a new access_token using the refresh_token (token renewal).\n\nAuthorization (Basic Auth):\n- Username: client_id\n- Password: client_secret\nHeader format:\nAuthorization: Basic base64(client_id:client_secret)\n\nFlow:\n1) The \"refresh_token\" received from the previous token call is stored.\n2) It is sent to this service with a form-urlencoded body:\n   - grant_type=refresh_token\n   - refresh_token={refresh_token}\n3) The new access_token is received from the response and used in Terminal Host services.\n","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"$ref":"#/components/schemas/OAuthTokenRequestRefresh"}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthTokenResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthSimpleError"}}}}}}}}}
```
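The three calls described on this page (authorize, token with auth code, token refresh), built offline as an added example; this is not iyzico's own client code. The function names, the `REDACTED` mask, the 30-second refresh margin and the reading of `request_timestamp` as Unix seconds are assumptions of the example.

```python
import base64
import time
from urllib.parse import parse_qsl, urlencode

BASE = "https://sandbox-api.iyzipay.com"  # sandbox server listed in the spec
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
# Form fields that must never reach logs or crash reports.
SECRET_FIELDS = {"client_secret", "password", "code", "refresh_token"}


def basic_auth(client_id, client_secret):
    """Authorization: Basic base64(client_id:client_secret)."""
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def authorize_request(client_id, client_secret, username, password, now=None):
    """Step 1: POST /in-store/oauth2/authorize; credentials travel in the body."""
    ts = int(time.time() if now is None else now)  # assumption: Unix seconds
    body = urlencode({
        "scope": "iyzipayApiGateway", "response_type": "code",
        "client_id": client_id, "client_secret": client_secret,
        "username": username, "password": password,
        "request_timestamp": str(ts),
    })
    return BASE + "/in-store/oauth2/authorize", dict(FORM), body


def token_request(client_id, client_secret, *, code=None, refresh_token=None):
    """Exchange the auth code, or renew with the stored refresh token."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    if code is not None:
        path, form = "/in-store/oauth2/token", {"grant_type": "authorization_code", "code": code}
    else:
        path, form = "/in-store/oauth2/token/refresh", {"grant_type": "refresh_token", "refresh_token": refresh_token}
    headers = dict(FORM, Authorization=basic_auth(client_id, client_secret))
    return BASE + path, headers, urlencode(form)


def redact_form(body):
    """Copy of a form body that is safe to log: secret values are masked."""
    return urlencode([(k, "REDACTED" if k in SECRET_FIELDS else v) for k, v in parse_qsl(body)])


def needs_refresh(obtained_at, expires_in, now, margin=30):
    """True once the access_token is within `margin` seconds of expiry."""
    return now >= obtained_at + expires_in - margin
```

Each builder returns `(url, headers, body)` for whatever HTTP client the terminal integration uses; log `redact_form(body)` rather than the body itself, and never log the `Authorization` header.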

### Sample Collection

<table data-view="cards"><thead><tr><th></th></tr></thead><tbody><tr><td><a href="https://www.postman.com/iyzico/iyzico/request/47010871-e6a71b90-907e-45f2-9968-8c6f87c47040">Auth Code</a></td></tr><tr><td><a href="https://www.postman.com/iyzico/iyzico/request/47010871-1898d0c7-82ce-4b9b-ab89-d00d2fe42a3f">Refresh Token</a></td></tr></tbody></table>


