The client must make sure that the state matches the provided state value provided to the authorization endpoint. This protects against CSRF type of attacks. The code expires one minute after it has been created.
Exchange the authorization code for an access token
The client sends the previously received authorization code to the token endpoint which then returns an access token.
Request
1
POST https://api.dev.receipthero.io/api/oauth/token
2
3
Content-Type: application/json
4
5
{
6
"grant_type": "authorization_code",
7
"code": "{CODE_HERE}",
8
"client_id": "{CLIENT_ID_HERE}",
9
"client_secret": "{CLIENT_SECRET_HERE}",
10
"redirect_uri": "{REDIRECT_URI_HERE}"
11
}
Copied!
The request can be made in either application/json or application/x-www-form-urlencoded.