How to exchange an authorisation code for an access token
Once you have obtained the authorisation code from the user, you can proceed to exchange it for an access token. When making this exchange, it is recommended to request the "offline_access" scope, which allows you to receive a refresh token in addition to the access token.
To perform the code-to-token exchange, you need to make a POST request to the token endpoint provided by the ApprovalMax API. This endpoint is responsible for handling the exchange process and providing you with the necessary token.
- POST https://identity.approvalmax.com/connect/token
The POST request should include the following parameters in the request body:
- POST https://identity.approvalmax.com/connect/token
- Content-Type: application/x-www-form-urlencoded
- grant_type=authorization_code
- &code=CODE
- &redirect_uri=YOUR_REDIRECT_URI
- &client_id=client_id
- &client_secret=client_secret
grant_type=authorization_code
: set this parameter to "authorization_code" to indicate that you are exchanging a verification code for a token.
code
: include the verification code obtained from the user in this parameter.
redirect_uri
: include the redirect URI that was used during the authorisation process.
clientId
: specify your client app key from your application created on the Developer Portal to identify your application.
clientSecret
: provide your app secret key from your application created on the Developer Portal to authenticate your application.
Related Articles
How to grant access to an Organisation via the ApprovalMax Public API
This is how you grant access to an Organisation via the ApprovalMax API: 1. Initiate a user authorisation: generate an URL with the necessary parameters to direct the Account Owner / Account Manager / Organisation Administrator to the ApprovalMax ...
Redirecting users back to your application with an authorisation code
When users authorise your app and interact with the ApprovalMax Public API, the API will redirect them back to the redirect_uri that you have specified. During this redirection process, certain parameters will be included in the URL: code: represents ...
A list of endpoints available in the Public API
For making calls against the API, please refer to the endpoints below, or to the swagger : Endpoints Description GET /ping This endpoint is used for checking the overall availability and responsiveness of the ApprovalMax Public API. When a GET ...
Prerequisites for using the Public API
Before proceeding with the authorisation process for the ApprovalMax Public API feature, there are certain prerequisites that need to be met. These include: 1. Granting access to the Developer Portal: in order to access the Developer Portal and ...
How to initiate an authorisation process
To initiate the authorisation process, you need to create a URL with the necessary parameters that will redirect the user to the ApprovalMax system for authorisation. When incorporating values that should be added as parameters into the URL, the ...