post

/oauth2/token

Use this call:

  • To get a user JWT.
  • To refresh the JWT when it expires. Works only if scope=offline is passed in the registration or authentication call.
  • To get a server JWT. The user participation isn’t needed.

Usage of this call depends on the value of the grant_type parameter.

Request Body

Form data (application/x-www-form-urlencoded)
refresh_token
string

Value of this parameter received in the response to the last request of this call with authorization_code or refresh_token values in the grant_type parameter. Required if grant_type=refresh_token.

grant_type
string

The type of getting the JWT. Can be:

  • authorization_code to exchange the code received in the authentication call to the JWT. The value of the code parameter must be specified.
  • refresh_token to get the refreshed JWT when the previous value is expired. The value of the refresh_token parameter must be specified.
  • client_credentials to get the server JWT. The values of the client_id and client_secret parameters must be specified.
required
client_secret
string

Your secret key. The value for this parameter depends on the value of the grant_type parameter:

  • If it’s authorization_code, create an OAuth 2.0 client and use its secret key. Required if you created an OAuth 2.0 client with confidential authentication type.
  • If it’s client_credentials, contact your Account Manager to create a server OAuth 2.0 client and get its secret key. Required for this client type.

Note that values for client_secret and client_id parameters should be used from the same client.

client_id
string

Your application ID. The value for this parameter depends on the value of the grant_type parameter:

Note that values for client_secret and client_id parameters should be used from the same client.

required
redirect_uri
string

Value of redirect_uri used in the account confirmation or successful authentication call. To set up this parameter, contact your Account Manager.

code
string

Authentication code that is exchanged to a JWT. Required if grant_type=authorization_code.

Responses

OK

1 Example
Schema
object
access_token
string

Xsolla Login JWT.

required
expire_in
integer

JWT expiration period in seconds. Default value is 3600 seconds.

refresh_token
string

Value to refresh the JWT. Used for getting new access_token.

token_type
string

JWT type with bearer value.

required

Send a Test Request

Send requests directly from the browser (CORS must be enabled)
$$.env
No $$.env variables are being used in this request.