Step 9: Get the access token
POST {{authPath}}/{{envID}}/as/token
The token endpoint is used by the client to obtain an access token by presenting the client's authorization grant. For authorization_code grants, the application calls the POST /{{envID}}/as/token endpoint to acquire the access token. The request body must include values for the following properties:
grant_type
A string that specifies the grant type of the token request. In this example, the value is authorization_code.
code
A string that specifies the authorization code value returned by the authorization request.
redirect_uri
A string that specifies the URL that specifies the return entry point of the application.
code_verfier
The value used to create the code_challenge value passed to the authorization server in the request.
client_id
A string that specifies the application's UUID, which was returned in Step 1.
The response data contains the access token.
Request Body
[{"name"=>"grant_type", "value"=>"authorization_code", "datatype"=>"string"}, {"name"=>"code", "value"=>"{{authCode}}", "datatype"=>"string"}, {"name"=>"redirect_uri", "value"=>"https://example.com", "datatype"=>"string"}, {"name"=>"scope", "value"=>"openid", "datatype"=>"string"}, {"name"=>"code_verifier", "value"=>"{{code_verifier}}", "datatype"=>"string"}, {"name"=>"client_id", "value"=>"{{SPAppWithAuthCodeGrantID}}", "datatype"=>"string"}]
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string |