Exchange OAuth2 token

<Warning> This endpoint expects `application/x-www-form-urlencoded`. </Warning>

<Warning> The "Try it" feature will not return usable data for this route. It depends on a live OAuth2 authentication context outside the docs. </Warning>

<Info> Get started with OAuth by reading [our guide](/oauth2/creating-an-application). </Info>

<Info> Only the `authorization_code` grant type is supported. Authorization codes are one-time use and expire after 5 minutes. </Info>

PKCE is supported for both Private and Public applications, but Public applications must send `code_verifier` and must not send `client_secret`. Private applications must send `client_secret`. Only `S256` PKCE is supported.

Request

This endpoint expects an object.
`grant_type` enum, Required

Only `authorization_code` is supported.

`code` string, Required

One-time authorization code. Expires after 5 minutes.

`redirect_uri` string, Required, format: "uri"

Must match the redirect URI used during authorization.

`client_id` string, Required

`client_secret` string, Optional

Required for private applications. Must not be sent by public applications.

`code_verifier` string, Optional

Required for public applications and for any authorization code created with PKCE.

Response

OAuth2 access token exchange result.
`access_token` string

`token_type` enum

`scope` string

Space-delimited granted scopes.