For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Create tokenDev Discord
  • Get started
    • Introduction
    • Authentication
    • API Privacy
    • Exceptions
    • Dev Discord
  • Modules
      • GETGet OAuth2 identity
      • POSTExchange OAuth2 token
  • Changelog
    • v3.7.2 - OAuth2
    • v3.7.1
    • v3.7
    • v3.6 - Fruma Expansion
    • v3.5.2
    • v3.5.1
    • v3.5 - User System
    • v3.4
    • v3.3.4
    • v3.3.3
    • v3.3.2
    • v3.3.1
    • v3.3 - Rekindled World
    • v3.2.5
    • v3.2.4
    • v3.2.3
    • v3.2.2
    • v3.2.1
    • v3.2
    • v3.1
    • v3.0
LogoLogoWynncraft API - Documentation
Create tokenDev Discord
ModulesOAuth2

Exchange OAuth2 token

POST
https://api.wynncraft.com/v3/oauth/token
POST
/v3/oauth/token
$curl -X POST https://api.wynncraft.com/v3/oauth/token \
>     -H "Content-Type: application/x-www-form-urlencoded" \
>     -d "grant_type=authorization_code" \
>     -d "code=string" \
>     -d "redirect_uri=string" \
>     -d "client_id=string"
200Authorization code exchange success response
1{
2  "access_token": "wgc_g37VxyznaVYuUtjWyA54fgoC_qG-cIDNjVhM-FG",
3  "token_type": "bearer",
4  "scope": "identify main_access"
5}
<Warning> This endpoint expects `application/x-www-form-urlencoded`. </Warning> <Warning> Try it will not return usable data for this route. It depends on a live OAuth2 authentication context outside the docs. </Warning> <Info> Get started with OAuth by reading [our guide](/oauth2/creating-an-application). </Info> <Info> Only the `authorization_code` grant type is supported. Authorization codes are one-time use and expire after 5 minutes. </Info> PKCE is supported for both Private and Public applications but Public applications must send `code_verifier` and must not send `client_secret`. Private applications must send `client_secret`. Only `S256` PKCE is supported.
Was this page helpful?
Previous

Get OAuth2 identity

Next

List guilds

Built with

This endpoint expects application/x-www-form-urlencoded.

Try it will not return usable data for this route. It depends on a live OAuth2 authentication context outside the docs.

Get started with OAuth by reading our guide.

Only the authorization_code grant type is supported. Authorization codes are one-time use and expire after 5 minutes.

PKCE is supported for both Private and Public applications but Public applications must send code_verifier and must not send client_secret.

Private applications must send client_secret.

Only S256 PKCE is supported.

Request

This endpoint expects an object.
grant_typeenumRequired

Only authorization_code is supported.

Allowed values:
codestringRequired

One-time authorization code. Expires after 5 minutes.

redirect_uristringRequiredformat: "uri"
Must match the redirect URI used during authorization.
client_idstringRequired
client_secretstringOptional
Required for private applications. Must not be sent by public applications.
code_verifierstringOptional
Required for public applications and for any authorization code created with PKCE.

Response

OAuth2 access token exchange result.
access_tokenstring
token_typeenum
Allowed values:
scopestring

Space-delimited granted scopes.