POST api/OAuth2

Exchanges an OAuth 2.0 authorization code for an access token.

Request

Body

Content Type: application/x-www-form-urlencoded
OAuth 2.0 token endpoint parameters.

Parameter      Remarks
grant_type     Must be 'authorization_code' or 'password'.
client_id      Client ID.
code           Where grant_type=authorization_code.
redirect_uri   Where grant_type=authorization_code.
client_secret  Where grant_type=authorization_code.
username       Where grant_type=password.
password       Where grant_type=password.

Response

Body

Content Type: application/json
Access token or an error message.

JSON
{
   "access_token": "string",
   "expires_in": "int",          // Token lifetime (in seconds)
   "username": "string",         // Username associated with the access token
   "member_id": "long",          // Unique member ID
   "customer_code": "string",    // DDM licensing identity
   "error": "string"             // Error code
}

Status Codes

Code                       Condition
200 OK                     The operation completed successfully.
406 Not Acceptable         Content type specified in the Accept header isn't supported.
500 Internal Server Error  An internal error occurred.

Remarks

This is the final step in the OAuth 2.0 workflow. The authorization code obtained in the previous step is exchanged for an access token, which can then be used for all subsequent operations in the REST API.

client_id and redirect_uri must match the values specified in the original GET OAuth2 request. client_secret is the value recorded against the client ID in ContactsLaw.

This operation also supports the password grant type, which mirrors the behaviour of POST Authenticate.
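The following client-side helper is an added example, not ContactsLaw's own code. It builds the form-encoded body for either grant type, refuses to send a request that lacks a parameter the table above requires for that grant type, and parses the JSON response, treating a populated "error" field as a failure even when the HTTP status is 200, since the page documents the error code inside the same JSON shape as a successful response. The base URL (TOKEN_URL) and the exact error strings the server returns are assumptions; everything else follows the parameter table and response schema on this page.

```python
"""Client helper for the POST api/OAuth2 token exchange (added example)."""
import json
import urllib.parse
import urllib.request

# Assumption: the token endpoint is served under this base URL.
TOKEN_URL = "https://example.invalid/api/OAuth2"

# Parameters the table marks for each grant type, keyed by grant_type.
REQUIRED = {
    "authorization_code": ("client_id", "code", "redirect_uri", "client_secret"),
    "password": ("client_id", "username", "password"),
}


class TokenError(Exception):
    """Raised when the server returns an error instead of an access token."""


def build_token_request(**params: str) -> dict:
    """Validate the form fields for one grant type and return only those fields.

    Raises ValueError if grant_type is unsupported or a parameter the table
    requires for that grant type is missing or empty, so a malformed request
    never leaves the client. Fields belonging to the other grant type are dropped.
    """
    grant_type = params.get("grant_type")
    if grant_type not in REQUIRED:
        raise ValueError("grant_type must be 'authorization_code' or 'password'")
    missing = [name for name in REQUIRED[grant_type] if not params.get(name)]
    if missing:
        raise ValueError(f"{grant_type} grant is missing: {', '.join(missing)}")
    allowed = ("grant_type",) + REQUIRED[grant_type]
    return {name: params[name] for name in allowed}


def encode_form(fields: dict) -> bytes:
    """Encode the body as application/x-www-form-urlencoded, as the Request section requires."""
    return urllib.parse.urlencode(fields).encode("utf-8")


def parse_token_response(status: int, body: bytes) -> dict:
    """Turn the JSON response into a token record, or raise TokenError.

    The body is inspected even on HTTP 200 because the documented schema
    carries the error code in the same JSON object as a successful token.
    """
    if status != 200:
        raise TokenError(f"token endpoint returned HTTP {status}")
    data = json.loads(body.decode("utf-8"))
    if data.get("error"):
        raise TokenError(f"server reported error: {data['error']}")
    if not data.get("access_token"):
        raise TokenError("response carries neither access_token nor error")
    return {
        "access_token": data["access_token"],
        "expires_in": int(data["expires_in"]),
        "username": data.get("username"),
        "member_id": data.get("member_id"),
        "customer_code": data.get("customer_code"),
    }


def exchange_code(client_id: str, client_secret: str, code: str,
                  redirect_uri: str, url: str = TOKEN_URL) -> dict:
    """Perform the authorization_code exchange over HTTPS (network call; not run offline).

    client_secret travels only in the POST body, never in the URL, so it does
    not end up in access logs or browser history.
    """
    fields = build_token_request(grant_type="authorization_code", client_id=client_id,
                                 client_secret=client_secret, code=code,
                                 redirect_uri=redirect_uri)
    request = urllib.request.Request(
        url, data=encode_form(fields), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})
    with urllib.request.urlopen(request) as response:
        return parse_token_response(response.status, response.read())


if __name__ == "__main__":
    # Constructed sample response shaped like the JSON schema on this page.
    sample = json.dumps({"access_token": "abc123", "expires_in": 3600, "username": "jdoe",
                         "member_id": 42, "customer_code": "CUST-001", "error": None})
    print(parse_token_response(200, sample.encode("utf-8")))
```

The same build/encode/parse functions serve the password grant (grant_type="password" with username and password); because that grant hands the user's credentials to the client, the authorization_code path is the one to prefer wherever a redirect-based flow is available.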