Get Token by Authorization Code (PKCE)
POST {Client API Hostname}/oauth/token
Basic Authorization (retrieve credentials from OAuth Application)
- Username: OAuth Client ID
- Password: OAuth Client Secret
- HTTP header:
Authorization: Basic base64(client_id:client_secret)
Request Body
| Key | Type | Required | Rule | Description |
|---|---|---|---|---|
| grant_type | string | Mandatory | must be authorization_code | OAuth grant type |
| code | string | Mandatory | Authorization code received from the Redirect to Login step | |
| code_verifier | string | Mandatory | Original random string used to compute code_challenge |
Expected HTTP status code
- 200
Response
| Name | Type | Description |
|---|---|---|
| access_token | string | Bearer access token |
| token_type | string | Always Bearer |
| expires_in | number | Token lifetime in seconds |
| refresh_token | string | Refresh token |
Error
| Code | error | error_description |
|---|---|---|
400 | invalid_grant | invalid grant type |
400 | invalid_grant | Authorization code is invalid or does not exist |
400 | invalid_grant | Authorization code has expired |
400 | invalid_grant | Code verifier does not match code challenge |