Skip to main content
POST
/
api
/
auth
/
oauth
/
exchange
Exchange OAuth code for tokens (PKCE)
curl --request POST \
  --url https://api.example.com/api/auth/oauth/exchange \
  --header 'Content-Type: application/json' \
  --data '
{
  "code": "abc123...",
  "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
'
{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "jsmith@example.com",
    "profile": {
      "name": "<string>",
      "avatar_url": "<string>"
    },
    "metadata": {},
    "emailVerified": true,
    "providers": [
      "<string>"
    ],
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z"
  },
  "accessToken": "<string>",
  "refreshToken": "<string>"
}

Body

application/json
code
string
required

The insforge_code received from OAuth callback redirect

Example:

"abc123..."

code_verifier
string
required

The original code_verifier used to generate code_challenge. Must be 43-128 characters, using [A-Za-z0-9-._~]

Example:

"dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"

Response

Tokens exchanged successfully

user
object
accessToken
string

JWT access token for API authentication

refreshToken
string

Refresh token for obtaining new access tokens