New user?

Returning user?

Forgot your password?

It's completely free!


Register here

Forgot your password?


You're one step closer to becoming a Aptoider!

We will send you a confirmation email to

In the meantime please continue to the final registration step.

Continue to final step Ups... wrong email...

Need to contact us?

Please insert an email address Password must:<br>- have 8 characters minimum<br>- have one letter<br>- have one number OR one special character (!@#$%*) This url is invalid, please enter a valid one. Use only letters, numbers and/or dashes. No spaces please! Please insert a name Business Name should be smaller than 40 characters. Please insert an address. Please insert a company name. Please insert a valid country. Please insert a valid phone number. Please insert a valid phone number. Please insert a city. Please insert a zip/postal code. Please insert a tax ID / VAT. You must agree with terms of use. You must select one option RETRY JOIN NOW
This website uses cookies to improve service quality. By browsing this website, you are consenting the use of cookies.
I understand Learn more

Web Services Documentation

Validating user credentials



Supported Formats:


Supported Methods:



Public webservice to validate user credentials by returning an access token (to use in other webservices).


username User email (optional)
password User password in cleartext or SHA1 encoded  (optional)
grant_type OAuth2 grant type: 'password' or 'refresh_token'
client_id OAuth2 client id: 'Aptoide'
mode Return format : 'xml' or 'json' (optional, default is 'xml')
refresh_token Refresh token, used to obtain a new access token (optional)

Mandatory arguments:

This endpoint requires 1 of the following possible combinations of arguments:

• client_id AND grant_type ('password') AND username AND password

• client_id AND grant_type ('refresh_token') AND refresh_token


access_token OAuth Access Token
expires_in Lifetime in seconds of the access token
token_type OAuth access token type
scope The scope of the access token
refresh_token OAuth Refresh Token
error OAuth error code (invalid_grant, invalid_client, invalid_request)
error_description OAuth error description
status Request result status (FAIL) in case of missing/invalid parameters or system error
errors Errors log from the request in case of missing/invalid parameters or system error

Error Codes:

Name Description
invalid_grant Invalid username and password combination.
invalid_client Invalid client or must authenticate using a client secret.
invalid_request Missing parameter: 'refresh_token' is required
MARG-201 Missing authentication parameter(s): user and/or password
MARG-203 Missing client id
MARG-204 Missing grant type
IARG-203 Invalid grant type
SYS-1 An unknown error occurred, please try again.
SYS-4 This call is not supported by the current API version.

Sample Response - error:

Sample JSON

   "error_description":"Invalid username and password combination"

Sample Response - success:

Sample JSON