Authorization Token


All transaction APIs in Ola’s developer platform require you to pass access tokens in the header of the respective calls. There are two types of tokens:

X-APP Token (or Partner Token)

This is a unique key which identifies you as a registered Ola affiliate partner. This will be issued to you by Ola (will be visible in your developers account), and will always remain valid without any expiry

Authorization Token (or User Access Token)

This is a unique key which identifies the user who is using your platform to generate a transaction on Ola. This is valid for 6 months. This can be generated using OAuth URL provided in your developers account.

OAuth URL

This follows OAuth 2.0 specification and you would be required to provide a ‘redirect_uri’. This is used to allow a user on your platform to link his/her Ola account to the user’s account on your platform. If the user does not have an existing Ola account, he/she will be asked to sign-up for the same using the same URL.


In order to generate an authorization token, use the URL to open Ola’s login/signup page as a web-view in your app. Once the user authenticates and provides permission to provide you access to his/her Ola account, he/she will be directed back to the redirect_uri along with the authorization token. You will be needed to parse ‘access_token’ from the URL and store it at your end. This would need to be sent in all subsequent API calls made for that user such as creation of rides, cancellation of rides etc.


Structure


 https://devapi.olacabs.com/oauth2/authorize?response_type=token&client_id=<client_id>
&redirect_uri=<partner's redirect_uri>&scope=profile%20booking
   

Example: If the redirect_uri provided by you is ‘https://3rdparty.com’ and client_id assigned by Ola to you is YTg4YzUzZTklaViZi00ZGE3LTg5a$


Sample OAuth URL (Find yours in your developers account):

https://devapi.olacabs.com/oauth2/authorize?response_type=token&client_id=YTg4YzUzZTklaViZi00ZGE3LTg5a$&redirect_uri=https://3rdparty.com/&scope=profile%20booking&state=state123

  
Sample return URL (to receive access token):

https://3rdparty.com/#access_token=1b6e37716abdh&state=state123&scope=profile%20booking&token_type=bearer&expires_in=15552000
                      

User Access Token Expiry

If the access token is expired, all Ola API calls will throw the below error. You need to use the OAuth URL to take the user once again to Ola login/signup flow.

status code: 401 Unauthorized
format: plain/text
{"code":"invalid_access_token","message":"Access token in not valid"}