Token
This endpoint is used by confidential and public clients to exchange an authorization code for an access token.
Depending on the application type, the following parameters are required for grant_type=code:
- Confidental (private) client –
client_secretis required - Public client – matching
code_verifieris required forcode_challengesent during the authentication request.
Refresh tokens issued for public clients are single-use only – a new refresh token is issued upon successful authorization.
Body
- Code Exchange
- Refresh Token Exchange
The set of parameters required for the exchange of the code to an access token.
The unique ID of the OAuth client that makes the authorization request.
The selected authorization grant type.
code The application's redirect_uri for which the grant was requested.
The authorization code.
The secret associated with the OAuth client that makes the request.
The authorization code verifier used to verify if the requester is a legitimate authorization code recipient.
Response
OK: Returns a new token.
Represents an OAuth 2 token with details about its scope, validity, and associated account.
The actual token string that is used for authorization in API requests.
The unique identifier of the account for which the token has been issued.
The unique identifier of the OAuth client for which the token has been issued.
Duration (in seconds) after which the token will expire.
The unique identifier of the organization for which the token has been issued.
An optional token that can be used to obtain a new access token once the current one expires. Not available for tokens minted with implicit grant flow.
List of permissions granted to the token, separated by commas.
The type of the access token.