Exchange Code for Tokens

curl --request POST \
  --url https://api.example.com/v1/auth/oauth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "grant_type": "<string>",
  "code": "<string>",
  "redirect_uri": "<string>",
  "code_verifier": "<string>",
  "refresh_token": "<string>"
}
'

{
  "access_token": "<string>",
  "expires_in": 123,
  "refresh_token": "<string>",
  "refresh_token_expires_in": 123
}

POST

auth

oauth

token

Exchange Code for Tokens

curl --request POST \
  --url https://api.example.com/v1/auth/oauth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "grant_type": "<string>",
  "code": "<string>",
  "redirect_uri": "<string>",
  "code_verifier": "<string>",
  "refresh_token": "<string>"
}
'

{
  "access_token": "<string>",
  "expires_in": 123,
  "refresh_token": "<string>",
  "refresh_token_expires_in": 123
}

Overview

Exchange an authorization code or refresh token for access tokens. Supports two grant types:

Authorization Code (grant_type=authorization_code) - Step 4 of OAuth flow
Refresh Token (grant_type=refresh_token) - Renew expired access tokens

Request

Body Parameters

grant_type

string

required

Type of token exchangeValues: authorization_code | refresh_token

code

string

Authorization code from Step 3Required for: authorization_code grant

redirect_uri

string

Must exactly match URI from Step 1Required for: authorization_code grant

code_verifier

string

Original PKCE verifier from Step 1 (43-128 chars)Required for: authorization_code grantPattern: [A-Za-z0-9-._~]{43,128}

refresh_token

string

Refresh token from previous exchangeRequired for: refresh_token grant

Response

access_token

string

Bearer token for API authentication (6 hours expiry)Example: access_token_100a99cf-f4d3-4fa1-9be9-2e9828b20ebc

expires_in

number

Access token lifetime in seconds (21600 = 6 hours)

refresh_token

string

Token for obtaining new access tokens (184 days expiry)Example: refresh_token_100a99cf-f4d3-4fa1-9be9-2e9828b20ebd

refresh_token_expires_in

number

Refresh token lifetime in seconds (15897600 = 184 days)

Code Examples

curl -X POST "https://dev.api.baanx.com/v1/auth/oauth/token" \
  -H "x-client-key: your-client-key" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "code": "auth_code_xyz123",
    "redirect_uri": "https://yourapp.com/callback",
    "code_verifier": "bbdbb44b57e78fbdf7254757bc62de8ce2b5342c"
  }'

Implement automatic token refresh 5 minutes before expiry to ensure uninterrupted API access.

Generate Authorization Code Revoke OAuth Authorization

​Overview

​Request

​Body Parameters

​Response

​Code Examples

Overview

Request

Body Parameters

Response

Code Examples