post

/oauth2/token

This method can be used in the following scripts:

  • To exchange the user authentication code for a JWT.
  • To refresh the JWT when it is expired if your application needs access to the Login API beyond the JWT expiration period. Works only if scope=offline in the registration or authentication method.
  • To get the server JWT without user participation.

Request Body

Form data (application/x-www-form-urlencoded)
refresh_token
string

The refresh_token value received in the response to the last call of this method. Required if grant_type=refresh_token.

grant_type
string

The type of getting the JWT. Can be:

  • authorization_code to exchange the code received in the method to JWT. The value of the code parameter must be specified.
  • refresh_token to get the refreshed JWT when the previous value is expired. The value of the refresh_token parameter must be specified.
  • client_credentials to get the server JWT without user participation, the values of the client_id and client_secret parameters must be specified.
required
client_secret
string

Your secret key hashed according to the bcrypt algorithm. You got it after sending the request to enable OAuth 2.0. To get your secret key again, please contact your Account Manager.

client_id
string

Your application ID from Publisher Account. You will get it after sending the request to enable the OAuth 2.0 protocol.

required
redirect_uri
string

URL to redirect the user to after account confirmation, successful authentication, or password reset confirmation. To set up this parameter, please contact your Account Manager.

code
string

User authentication code that will be exchanged to a JWT. Required if grant_type=authorization_code.

Responses

OK

1 Example
Schema
object
access_token
string

The Xsolla Login JWT.

required
expire_in
integer

JWT expiration period in seconds. Default value is 3600 seconds.

refresh_token
string

Refresh the JWT for updating the access_token.

token_type
string

JWT type. Has 'bearer' value.

required

Send a Test Request

Send requests directly from the browser (CORS must be enabled)
$$.env
No $$.env variables are being used in this request.