Exchange authorization code or refresh token

Exchange an authorization code for access and refresh tokens, or use a refresh token to obtain a new access token.

This endpoint supports two grant types:

  • authorization_code — Exchange the authorization code received from the OAuth callback for access and refresh tokens.
  • refresh_token — Use a valid refresh token to obtain a new access token without requiring re-authorization.

Access tokens expire after 60 minutes. Use the refresh_token grant type to obtain a new access token before expiry.

Body
required
application/json
Responses
  • application/json
  • application/json
  • application/json
Request Example for post/v1/oauth2/token
curl https://auth.foundation.dev.trusspayments.com/v1/oauth2/token \
  --request POST \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=authorization_code' \
  --data-urlencode 'code=your-authorization-code' \
  --data-urlencode 'redirect_uri=https://yourapp.com/oauth/callback' \
  --data-urlencode 'client_id=your-client-id' \
  --data-urlencode 'client_secret=your-client-secret'

{
  "access_token": "string",
  "refresh_token": "string",
  "token_type": "bearer",
  "expires_in": 1,
  "scope": "string"
}

Token exchange successful