Generate JWT

post/oauth2/token

Use this call:

To get a user JWT.
To refresh the JWT when it expires. Works only if scope=offline is passed in the registration or authentication call.
To get a server JWT. The user participation isn’t needed.

Usage of this call depends on the value of the grant_type parameter.

Request

Request Body schema: application/x-www-form-urlencoded

grant_type required	string The type of getting the JWT. Can be: `authorization_code` to exchange the code received in the authentication call to the JWT. The value of the `code` parameter must be specified. `refresh_token` to get the refreshed JWT when the previous value is expired. The value of the `refresh_token` parameter must be specified. `client_credentials` to get the server JWT. The values of the `client_id` and `client_secret` parameters must be specified.
client_id required	string Your application ID. The value for this parameter depends on the value of the `grant_type` parameter: If it’s `authorization_code`, create an OAuth 2.0 client and use its client ID. If it’s `client_credentials`, contact your Account Manager to create a server OAuth 2.0 client and get its client ID. Note that values for `client_secret` and `client_id` parameters should be used from the same client.
refresh_token	string Value of this parameter received in the response to the last request of this call with `authorization_code` or `refresh_token` values in the `grant_type` parameter. Required if `grant_type=refresh_token`.
client_secret	string Your secret key. The value for this parameter depends on the value of the `grant_type` parameter: If it’s `authorization_code`, create an OAuth 2.0 client and use its secret key. Required if you created an OAuth 2.0 client with confidential authentication type. If it’s `client_credentials`, contact your Account Manager to create a server OAuth 2.0 client and get its secret key. Required for this client type. Note that values for `client_secret` and `client_id` parameters should be used from the same client.
redirect_uri	string Value of `redirect_uri` used in the account confirmation or successful authentication call. To set up this parameter, contact your Account Manager.
code	string Authentication code that is exchanged to a JWT. Required if `grant_type=authorization_code`.

Responses

200

400

Bad Request

404

Not Found

418

I’m a teapot

422

Unprocessable Entity

429

Too Many Requests

Request samples

curl -i -X POST \
  https://login.xsolla.com/api/oauth2/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d refresh_token=string \
  -d grant_type=string \
  -d client_secret=string \
  -d client_id=string \
  -d redirect_uri=string \
  -d code=string

Response samples

application/json

{"access_token": "2YotnFZFEjr1zCsicMWpAA",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"token_type": "bearer"
}