OpenSylo Marketplace API
  1. OAuth 2.0
OpenSylo Marketplace API
  • Introduction
  • Getting Started
  • OAuth 2.0 Flow
  • Webhook Integration
  • Sandbox Testing
  • Error Reference
  • Marketplace Dashboard
    • Login to the marketplace dashboard
      POST
    • View OAuth credentials
      GET
    • Regenerate client secret
      POST
  • OAuth 2.0
    • Start OAuth authorization
      GET
    • Exchange code or refresh token
      POST
    • Revoke a token
      POST
    • OAuth discovery / client metadata
      GET
  • Data Ingestion
    • Submit single merchant data
      POST
    • Submit bulk merchant data
      POST
    • Get merchant credit score
      GET
    • Integration health check
      GET
  • Loan API
    • Get active loans for a merchant
      GET
    • Get loan status
      GET
    • Validate deduction amounts
      POST
    • Bulk loan status check
      POST
  • Inbound Webhooks
    • Send repayment webhook
      POST
    • Send settlement webhook
      POST
  • Sandbox
    • Sandbox environment info
      GET
    • Get sandbox test credentials
      GET
    • Get sandbox test merchants
      GET
  • Schemas
    • DashboardLoginRequest
    • DashboardLoginResponse
    • CredentialsResponse
    • RegenerateSecretResponse
    • TokenRequest
    • TokenResponse
    • RevokeRequest
    • ClientMetadataResponse
    • MerchantIdentity
    • SalesPerformance
    • RevenueConsistency
    • FulfillmentMetrics
    • PayoutCashFlow
    • PlatformDependency
    • HistoricalCredit
    • BehavioralRisk
    • MerchantDataRequest
    • ScoreBreakdown
    • CreditScore
    • MerchantDataResponse
    • BulkMerchantDataRequest
    • BulkMerchantDataResponse
    • CreditScoreResponse
    • HealthResponse
    • ActiveLoansResponse
    • LoanStatusResponse
    • ValidateDeductionsRequest
    • ValidateDeductionsResponse
    • BulkLoanStatusRequest
    • BulkLoanStatusResponse
    • RepaymentWebhookRequest
    • SettlementWebhookRequest
    • WebhookAckResponse
    • SandboxInfoResponse
    • SandboxCredentialsResponse
    • SandboxMerchantsResponse
    • OAuthError
    • ApiError
  1. OAuth 2.0

Exchange code or refresh token

POST
/oauth/token
Exchange an authorization code for tokens (grant_type=authorization_code) or refresh an expired access token (grant_type=refresh_token). Access tokens are valid for 1 hour; refresh tokens for 30 days. Refresh tokens are NOT rotated.

Request

Body Params application/jsonRequired

Examples

Responses

🟢200
application/json
Tokens issued
Body

🟠401
Request Request Example
Shell
JavaScript
Java
Swift
cURL
curl --location --request POST 'https://api.opensylo.com/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "grant_type": "authorization_code",
    "code": "auth_code_abc123",
    "client_id": "yourmarketplace_client_a1b2c3d4",
    "client_secret": "cs_secret_your_secret",
    "redirect_uri": "https://yourmarketplace.com/oauth/callback",
    "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}'
Response Response Example
200 - Success
{
    "access_token": "opaque_access_token",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "opaque_refresh_token",
    "scope": "data.share.sales data.share.profile credit.score.read"
}
Modified at 2026-01-29 23:19:05
Previous
Start OAuth authorization
Next
Revoke a token
Built with