Skip to main content
POST
/
oauth
/
token
cURL
curl --request POST \
  --url https://api.sandbox.humanity.org/v2/oauth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "grant_type": "<unknown>",
  "code": "<string>",
  "redirect_uri": "<string>",
  "client_id": "<string>",
  "code_verifier": "<string>"
}
'
{
  "access_token": "<string>",
  "token_type": "<unknown>",
  "expires_in": 123,
  "scope": "<string>",
  "granted_scopes": [
    "<string>"
  ],
  "authorization_id": "<string>",
  "app_scoped_user_id": "<string>",
  "issued_at": "<string>",
  "refresh_token": "<string>",
  "refresh_token_expires_in": 123,
  "refresh_issued_at": "<string>",
  "id_token": "<string>"
}
SDK equivalent
const tokens = await sdk.exchangeCodeForToken(code, codeVerifier);
Exchange an authorization code for tokens or refresh existing sessions. Populate the body with either:
  • grant_type=authorization_code, code, redirect_uri, code_verifier
  • grant_type=refresh_token, refresh_token
Tokens inherit the scopes approved in the /oauth/authorize step. Use the companion POST /oauth/revoke operation to invalidate a refresh or access token when a user withdraws consent.

Body

application/json
grant_type
any
required
code
string
required
redirect_uri
string
required
client_id
string
required
code_verifier
string
required

Response

200 - application/json
access_token
string
required
token_type
any
required
expires_in
number
required
scope
string
required
granted_scopes
string[]
required
authorization_id
string
required
app_scoped_user_id
string
required
issued_at
string
refresh_token
string
refresh_token_expires_in
number
refresh_issued_at
string
id_token
string