# Oauth token

- Authorization code: Exchange code for access_token and refresh_token.
- Refresh: Use refresh_token to get a new access_token (access tokens expire after 5 minutes).
Send body as application/x-www-form-urlencoded.

Endpoint: POST /oauth/token
Version: 1.0.0
Security: 

## Request fields (application/x-www-form-urlencoded):

  - `client_id` (string, required)
    Example: "3468d2767c98565c"

  - `client_secret` (string, required)
    Example: "aee0fc19fhgxf37ccfa853dd93b134836"

  - `grant_type` (string, required)
    Enum: "authorization_code", "refresh_token"

  - `redirect_uri` (string)
    Required for authorization_code
    Example: "https://myloginpage.domain.com"

  - `code` (string)
    Required for authorization_code
    Example: "aee0fc19fhgxf37ccskfdn9af238bnqwe8w03n93r8bb98r23b"

  - `refresh_token` (string)
    Required for refresh_token
    Example: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InVzZXJfaWQiOjY5NywiY29tcGFueV9pZCI6MTI0MywicGFydG5lciI6MTAsInZlcnNpb24iOjN9fQ.3I0rhYhH7Wyfw-_HodPByRFdmVZygg8VB_77X7JCw"

## Response 200 fields (application/json):

  - `access_token` (string)
    Example: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InVzZXJfaWQiOjY5NywiY29tcGFueV9pZCI6MTI0MywicGFydG5lciI6MTAsInZlcnNpb24iOjN9fQ.3I0rhYhH7Wyfw-_HodPByRFdmVZygg8VB_77X7JCw"

  - `refresh_token` (string)
    Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlJqaEROemRDUlVKRVEwTTVSVFE0TmtZME9UZzVNVEpDTlVJNFJqRTBPREExTmpZMk1qazFPQSJ9.eyJodHRwOi8vbWF0dHIvdGVuYW50LWlkIjoiNTcwYTcyOGEt"