Skip to main content

Tokens Endpoint

Endpoint: GET /oauth/token

The token endpoint is used to exchange the authorization code for an access token or to refresh an expired access token.

Authorization Code Flow

Request Parameters:

  • client_id: The client ID of your application (obtained during app registration)
  • client_secret: The client secret of your application (obtained during app registration)
  • grant_type: Use authorization_code for the authorization code flow
  • code: The authorization code received from the authorization endpoint
  • redirect_uri: The same redirect URI used during the authorization process

Example Request:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=YOUR_REDIRECT_URI" "https://api.commoninja.com/oauth/token"

Example Response:

{
  "accessToken": "ACCESS_TOKEN",
  "accessTokenExpiresAt": "EXPIRATION_DATE",
  "refreshToken": "REFRESH_TOKEN",
  "refreshTokenExpiresAt": "EXPIRATION_DATE"
}

Refresh Token Flow

Request Parameters:

  • client_id: The client ID of your application (obtained during app registration)
  • client_secret: The client secret of your application (obtained during app registration)
  • grant_type: Use refresh_token for the refresh token flow
  • refresh_token: The refresh token obtained during the initial token exchange

Example Request:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=refresh_token&refresh_token=REFRESH_TOKEN" "https://api.commoninja.com/oauth/token"

Example Response:

{
  "accessToken": "NEW_ACCESS_TOKEN",
  "accessTokenExpiresAt": "NEW_EXPIRATION_DATE"
}