Obtain or refresh an access_token

post https://sandbox.oauth.penneo.cloud/oauth/token

Obtain a new access_token by exchanging an authorization code, a refresh_token or api_keys.

Body Params

grant_type

string

required

redirect_uri

uri

Required only if using the Authorization Code grant.
The registered callback URI.

It's the same URI used in the POST /oauth/authorize request.

refresh_token

string

Required only if using the Refresh Token Grant.

Use the value of the previously stored refresh_token.

client_id

string

required

The alphanumeric client_id obtained after registering your application/integration.

client_secret

string

required

The alphanumeric client_secret obtained after registering your application/integration.

scope

string

A list of space-separated scopes that your application will have access to on behalf of the user.

code

string

Required only if using the Authorization Code Grant.

Use the value of the code parameter attached to callback request.

code_verifier

string

Required only for Authorization Code Grant.

Use the value that was used to create code challenge in /authorize request

key

string

Required only for the api_keys grant.

API Key generated in Penneo user settings.

digest

string

Required only for the api_keys grant.

Concatenation of the raw nonce, timestamp, and API secret, then SHA-1 hashed, and finally
Base64-encoded. The nonce, while sent as a Base64-encoded string, is used in its raw form to
generate this digest.

nonce

string

Required only for the api_keys grant. Used to generate the digest parameter.

A randomly generated string, no longer than 64 characters. It should be sent Base64-encoded.

created_at

string

Required only for the api_keys grant. Used to generate the digest parameter.

Current date and time in UTC or including timezone. Most standard formats are supported.

Responses

200OK

400Bad Request

401Unauthorized

500Internal Server Error