Exchange authorization code or refresh token

Exchange an authorization code for access and refresh tokens, or use a refresh token to obtain a new access token.

This endpoint supports two grant types:

  • authorization_code — Exchange the authorization code received from the OAuth callback for access and refresh tokens.
  • refresh_token — Use a valid refresh token to obtain a new access token without requiring re-authorization.

Access tokens expire after 60 minutes. Use the refresh_token grant type to obtain a new access token before expiry.

Body
required
application/x-www-form-urlencoded

  • Request body for exchanging an authorization code for tokens

    • client_id
      Type: string
      required

      Your application's client ID

    • client_secret
      Type: string
      required

      Your application's client secret

    • code
      Type: string
      required

      The authorization code received from the OAuth callback

    • grant_type
      enum
      const:  
      authorization_code
      required

      Must be authorization_code

      values
      • authorization_code
    • redirect_uri
      Type: stringFormat: uri
      required

      Must match the redirect_uri used in the authorization request

Responses
  • application/json
  • application/json
  • application/json
Request Example for post/v1/oauth2/token
curl https://auth.foundation.dev.trusspayments.com/v1/oauth2/token \
  --request POST \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=authorization_code' \
  --data-urlencode 'code=your-authorization-code' \
  --data-urlencode 'redirect_uri=https://yourapp.com/oauth/callback' \
  --data-urlencode 'client_id=your-client-id' \
  --data-urlencode 'client_secret=your-client-secret'

{
  "access_token": "string",
  "refresh_token": "string",
  "token_type": "bearer",
  "expires_in": 1,
  "scope": "string"
}

Token exchange successful