Step 13: Generate the access token
POST {{authPath}}/{{envID}}/as/token
The token endpoint is used by the client to obtain an access token by presenting its authorization grant. For authorization_code grants, the application calls the POST /{{envID}}/as/token endpoint to acquire the access token. The request body must include values for the following properties:
grant_type
A string that specifies the grant type of the token request. In this example, the value is authorization_code.
code
A string that specifies the authorization code value returned by the authorization request.
redirect_uri
A string that specifies the URL that specifies the return entry point of the application.
Note: The request requires basic authentication, in which the application ID from Step 1 and the application secret from Step 2 are used to authenticate. In a curl command, you can use the --user parameter to satisfy the basic authentication requirement like this: --user "{{appID}}:{{appSecret}}".
The response data contains the access token and the ID token.
Request Body
[{"name"=>"grant_type", "value"=>"authorization_code", "datatype"=>"string"}, {"name"=>"code", "value"=>"{{authCode}}", "datatype"=>"string"}, {"name"=>"redirect_uri", "value"=>"https://www.example.com", "datatype"=>"string"}, {"name"=>"client_id", "value"=>"{{AppWithCodeGrantID}}", "datatype"=>"string"}, {"name"=>"client_secret", "value"=>"{{AppWithCodeGrantSecretID}}", "datatype"=>"string"}]
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Authorization | string | ||
Content-Type | string |