OAuth
Obtain access token
Exchange authorization code for an access token, or refresh an existing token.
Authorization Code Flow
- Direct users to /oauth/authorize with your client_id, redirect_uri, and requested scopes
- User authorizes your application
- You receive an authorization code at your redirect_uri
- Exchange the code for an access token using this endpoint with grant_type=authorization_code
Refreshing Tokens
- Use grant_type=refresh_token with a valid refresh_token to obtain a new access token
- Access tokens expire after 1 hour
- Refresh tokens are long-lived and should be stored securely
POST /oauth/token
Responses
200
Access token issued successfully
Response Fields
- access_token (string, required): Bearer token to use for API authentication, e.g. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
- token_type (string, required): Token type (always "Bearer"), e.g. Bearer
- expires_in (integer, required): Number of seconds until the access token expires (3600 = 1 hour), e.g. 3600
- refresh_token (string): Refresh token to obtain a new access token (only included on initial token grant), e.g. refresh_token_here
- scope (string): Space-separated list of granted scopes, e.g. account.person.readonly account.channel.readonly
- created_at (integer, required): Unix timestamp when the token was created, e.g. 1704067200
400
Bad Request - Invalid grant, missing parameters, or invalid credentials
Response Fields
- error (string): e.g. invalid_grant
- error_description (string): e.g. The provided authorization grant is invalid, expired, revoked, or does not match the redirection URI
401
Unauthorized - Invalid client credentials
Response Fields
- error (string): e.g. invalid_client
- error_description (string): e.g. Client authentication failed
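Client-side handling of the flow, response fields and error responses described above, as an added example that is not part of the original documentation. It assumes the request is form-encoded with the RFC 6749 parameter names code and client_secret, which this page does not list; the helper names are hypothetical. It shows two details that are easy to get wrong: the expiry is computed from created_at + expires_in, and the stored refresh_token is kept when a later response omits it.

```python
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode

class TokenError(Exception):
    def __init__(self, status, body):
        self.status, self.error = status, body.get("error", "unknown")
        # invalid_grant: the code or refresh token is no longer usable, so
        # retrying cannot help and the user has to authorize again.
        self.reauthorize = self.error == "invalid_grant"
        super().__init__(f"{status} {self.error}: {body.get('error_description', '')}")

@dataclass
class TokenState:
    access_token: str
    refresh_token: Optional[str]
    expires_at: int  # Unix time: created_at + expires_in
    scope: str = ""

    def needs_refresh(self, now=None, skew=60):
        # Refresh a little early so no request leaves with a token about to expire.
        return (time.time() if now is None else now) >= self.expires_at - skew

def code_request(code, client_id, client_secret, redirect_uri):
    # Form body for POST /oauth/token; code and client_secret are assumed names.
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": client_id,
                      "client_secret": client_secret})

def refresh_request(state, client_id, client_secret):
    if not state.refresh_token:
        raise ValueError("no refresh token stored; restart the authorization code flow")
    return urlencode({"grant_type": "refresh_token", "refresh_token": state.refresh_token,
                      "client_id": client_id, "client_secret": client_secret})

def apply_response(status, body, previous=None):
    """Turn a /oauth/token response into a TokenState, or raise TokenError."""
    if status != 200:
        raise TokenError(status, body)
    if body["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type: " + body["token_type"])
    # refresh_token is only included on the initial grant: keep the stored one.
    refresh = body.get("refresh_token") or (previous.refresh_token if previous else None)
    scope = body.get("scope") or (previous.scope if previous else "")
    return TokenState(body["access_token"], refresh,
                      body["created_at"] + body["expires_in"], scope)
```

Pass the HTTP status and decoded JSON body of each /oauth/token response to apply_response, and supply the previous TokenState when the response comes from a refresh.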