Success Response

All successful responses (HTTP Status Code 200 Success) will include access and refresh tokens.

{
  "access_token": "<string>",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "<string>"
}

Parameter	Description
access_token <string>	Access Token
token_type <string>	Access Token Type (Default: `Bearer`)
expires_in <int>	Access Token TTL
data.refresh_token <string>	Refresh Token

🚧
Legacy Response Format
The response format shown below is only maintained for existing integrations using the deprecated GET /oauth/token endpoint. New integrations using the recommended POST /oauth/token endpoint will receive the standard OAuth response format described above.
{
  "success": true,
  "data": {
    "access_token": "<string>",
    "token_type": "bearer",
    "refresh_token": "<string>",
    "ttl": "<string>",
    "issued_at": "<string>",
    "expires_at": "<string>"
  }
}
Parameter Description
success <bool> Boolean value representing the success/failure state of the request
data <object> The data object containing the Access & Refresh tokens, along with their properties
data.access_token <string> Access Token
data.token_type <string> Access Token Type (Default: bearer)
data.refresh_token <string> Refresh Token
data.ttl <string> Access Token TTL
data.issued_at <string> Access Token issue date in format: Y-m-d\TH:i:s\Z
data.expires_at <string> Access Token expiry date in format: Y-m-d\TH:i:s\Z

Parameter	Description
success <bool>	Boolean value representing the success/failure state of the request
data <object>	The data object containing the Access & Refresh tokens, along with their properties
data.access_token <string>	Access Token
data.token_type <string>	Access Token Type (Default: `bearer`)
data.refresh_token <string>	Refresh Token
data.ttl <string>	Access Token TTL
data.issued_at <string>	Access Token issue date in format: `Y-m-d\TH:i:s\Z`
data.expires_at <string>	Access Token expiry date in format: `Y-m-d\TH:i:s\Z`

Error Response

All error responses will contain the following standardized error payload:

{
  "error": "<string>",
  "error_description": "<string>"
}

Parameter	Description
error <string>	A standardized OAuth 2.0 error code. Possible values include: `server_error`, `invalid_client`, `invalid_grant`, `unauthorized_client`, `unsupported_grant_type`, `invalid_request`
error_description <array[string]>	A human-readable message explaining the error in more detail.

🚧
Legacy Response Format
The response format shown below is only maintained for existing integrations using the deprecated GET /oauth/token endpoint. New integrations using the recommended POST /oauth/token endpoint will receive the standard OAuth response format described above.
{
  "success": false,
  "errorMessage": "<string>",
  "errorDetails": "<array[string]>",
  "errorCode": "<string>"
}
Parameter Description
success <bool> Boolean value representing the success/failure state of the request. This will equal false for all error responses
errorMessage <string> A generalized human-readable message describing the error (i.e., Redirect URI is invalid, Missing required params, Invalid grant type).
errorDetails <array[string]> OPTIONAL. This field contains additional human-readable messages providing further context. For example, when parameters are missing, this property will contain the list of missing parameters.
errorCode <string> The errorCode property will contain a machine-readable string describing the error. Refer to the Error Codes page for a comprehensive list of all possible error code values.

Token Exchange Response

Success Response

🚧
Legacy Response Format

Error Response

🚧
Legacy Response Format

Success Response

🚧Legacy Response Format

Error Response

🚧Legacy Response Format

🚧
Legacy Response Format

🚧
Legacy Response Format