OAuth Token
## OAuth Token Exchange
Exchange an authorization code for an access token using the OAuth 2.0 Authorization Code flow.
### Endpoint
`POST {{baseUrl}}/oauth/token`
### Request Headers
| Header | Value |
|--------|-------|
| Content-Type | application/json |
| Accept | application/json |
### Request Body
| Field | Type | Description |
|-------|------|-------------|
| `code` | string | The authorization code received from the authorization server. |
| `clientId` | string | The client ID of your application. |
| `clientSecret` | string | The client secret of your application. |
| `redirectUri` | string | The redirect URI used during the authorization request. Must match exactly. |
| `grantType` | string | Must be `authorization_code` for this flow. |
| `refreshToken` | string | *(Optional)* A refresh token to obtain a new access token without re-authorization. |
### Example Request Body
```json
{
"code": "auth-code-123456",
"clientId": "client-id-123",
"clientSecret": "client-secret-123",
"redirectUri": "https://example.com/callback",
"grantType": "authorization_code",
"refreshToken": "refresh-token-123"
}
```
### Responses
#### ✅ 200 OK — Access token generated successfully
Returns an access token and related metadata.
#### ❌ 400 Bad Request — Invalid authorization code
Returned when the provided authorization code is invalid, expired, or already used.
---
Request
This endpoint expects an object.
code
clientId
redirectUri
clientSecret
grantType
refreshToken
