POST /v1/auth/oauth/token
{
  "access_token": "<string>",
  "expires_in": 123,
  "refresh_token": "<string>",
  "refresh_token_expires_in": 123
}

Overview

Exchange an authorization code or refresh token for access tokens. Supports two grant types:
  1. Authorization Code (grant_type=authorization_code) - Step 4 of OAuth flow
  2. Refresh Token (grant_type=refresh_token) - Renew expired access tokens

Request

Body Parameters

grant_type
string
required
Type of token exchange
Values: authorization_code | refresh_token
code
string
Authorization code from Step 3
Required for: authorization_code grant
redirect_uri
string
Must exactly match URI from Step 1
Required for: authorization_code grant
code_verifier
string
Original PKCE verifier from Step 1 (43-128 chars)
Required for: authorization_code grant
Pattern: [A-Za-z0-9-._~]{43,128}
refresh_token
string
Refresh token from previous exchange
Required for: refresh_token grant

Response

access_token
string
Bearer token for API authentication (6 hours expiry)
Example: access_token_100a99cf-f4d3-4fa1-9be9-2e9828b20ebc
expires_in
number
Access token lifetime in seconds (21600 = 6 hours)
refresh_token
string
Token for obtaining new access tokens (184 days expiry)
Example: refresh_token_100a99cf-f4d3-4fa1-9be9-2e9828b20ebd
refresh_token_expires_in
number
Refresh token lifetime in seconds (15897600 = 184 days)

Code Examples

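# Authorization code grant (Step 4): exchange the code from Step 3 for tokens.
# redirect_uri must exactly match the URI from Step 1, and code_verifier must be
# the original 43-128 character PKCE verifier from Step 1.
curl -X POST "https://dev.api.baanx.com/v1/auth/oauth/token" \
  -H "x-client-key: your-client-key" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "code": "auth_code_xyz123",
    "redirect_uri": "https://yourapp.com/callback",
    "code_verifier": "bbdbb44b57e78fbdf7254757bc62de8ce2b5342c"
  }'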
Implement automatic token refresh 5 minutes before expiry to ensure uninterrupted API access.
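
The following is an added example, not code from this API's documentation or SDK. It validates the request body for both grant types against the parameter rules above and decides when a stored token response needs refreshing or re-authorization. The function names are hypothetical, and it builds the body only and sends nothing.

```python
import re
import secrets

# The page's code_verifier pattern, with the hyphen escaped for clarity.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")
REQUIRED = {  # required body fields per grant type, from the parameter list
    "authorization_code": ("code", "redirect_uri", "code_verifier"),
    "refresh_token": ("refresh_token",),
}
REFRESH_MARGIN = 5 * 60  # refresh 5 minutes before expiry, as the page advises


def new_code_verifier() -> str:
    """Return a 43-character URL-safe verifier from 32 random bytes (Step 1)."""
    return secrets.token_urlsafe(32)


def build_token_body(grant_type: str, **fields: str) -> dict:
    """Validate and return the JSON body for POST /v1/auth/oauth/token."""
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type: {grant_type!r}")
    missing = [k for k in REQUIRED[grant_type] if not fields.get(k)]
    if missing:
        raise ValueError(f"missing fields for {grant_type}: {missing}")
    if grant_type == "authorization_code" and not VERIFIER_RE.fullmatch(
        fields["code_verifier"]
    ):
        raise ValueError("code_verifier must be 43-128 chars of [A-Za-z0-9-._~]")
    # Send only the fields this grant uses, so nothing extra leaves the client.
    return {"grant_type": grant_type, **{k: fields[k] for k in REQUIRED[grant_type]}}


def next_action(resp: dict, issued_at: float, now: float) -> str:
    """Decide what to do with a stored token response at time `now` (seconds)."""
    if now >= issued_at + resp["refresh_token_expires_in"]:
        return "reauthorize"  # refresh token expired: restart the OAuth flow
    if now >= issued_at + resp["expires_in"] - REFRESH_MARGIN:
        return "refresh"  # inside the 5-minute margin, or already expired
    return "use_access_token"
```

Record `issued_at` when each token response is received, since a refresh returns new lifetimes counted from that moment.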