Skip to main content


This is the flow that mobile apps use to access an API. Use this endpoint to exchange an Authorization Code for a Token.


grant_typestrDenotes the flow you are using. For Authorization Code, use authorization_code or refresh_token.
client_idstrYour application's Client ID.
codestrThe Authorization Code received from the initial /authorize call.
redirect_uristrThis is required only if it was set at the GET /authorize endpoint. The values must match.
code_verifierstrCryptographically random key that was used to generate the code_challenge passed to /authorize.
audiencestrThe audience domain: i.e.[optional]