Skip to main content
POST
/
oauth
/
token
Token Endpoint
curl --request POST \
  --url https://api.casexchange.com/api/v1/oauth/token \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'code=<string>' \
  --data 'redirect_uri=<string>' \
  --data 'client_id=<string>' \
  --data 'client_secret=<string>' \
  --data 'code_verifier=<string>'
{
  "access_token": "<string>",
  "token_type": "Bearer",
  "expires_in": 123,
  "refresh_token": "<string>",
  "scope": "<string>",
  "id_token": "<string>"
}
Exchange authorization codes for access tokens, or refresh expired access tokens using refresh tokens. Supports Authorization Code and Refresh Token grant types.

Authorizations

Authorization
string
header
required

Client ID and secret for OAuth token endpoints

Body

grant_type
enum<string>
required
Available options:
authorization_code
code
string
required
redirect_uri
string<uri>
required
client_id
string
client_secret
string
code_verifier
string

PKCE code verifier (required if code_challenge was provided)

Response

Token response

access_token
string
token_type
enum<string>
Available options:
Bearer
expires_in
integer
refresh_token
string
scope
string
id_token
string | null

OpenID Connect ID token (if openid scope requested)