Description and Details
This endpoint is used to exchange an authorization code (received after successful user consent authorization) for an access token and optionally a refresh token. It is part of the OAuth 2.0 Authorization Code flow.
Endpoint
https://api-dev-isolution.xyz/opentest/token
Verb Method
POST
Headers Request Parameters
| Key | Value | Required | Description |
|---|---|---|---|
| Content-Type | application/x-www-form-urlencoded | Yes | Specifies the encoding of the request body |
| Accept | application/json | Optional | Expected response format |
| Authorization | Basic {base64(client_id:client_secret)} | Yes | Client authentication via Basic Auth |
Body Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be authorization_code |
| code | string | Yes | The authorization code received from the authorize endpoint |
| redirect_uri | string | Yes | Must match the redirect URI used in the authorize request |
| client_id | string | Yes | The client ID assigned to your application |
| client_secret | string | Yes | The client secret assigned to your application |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| access_token | string | Token used for accessing protected resources |
| token_type | string | Type of token (typically "Bearer") |
| expires_in | integer | Lifetime of the token in seconds |
| refresh_token | string | Token used to refresh access token (optional) |
| scope | string | Scopes associated with the token |
HTTP Codes
| Code | Meaning |
|---|---|
| 200 | OK – Token issued successfully |
| 400 | Bad Request – Missing or invalid parameters |
| 401 | Unauthorized – Invalid client credentials or auth code |
| 500 | Internal Server Error |
