How to exchange an authorisation code for an access token

How to exchange an authorisation code for an access token

Once you have obtained the authorisation code from the user, you can proceed to exchange it for an access token. When making this exchange, it is recommended to request the "offline_access" scope, which allows you to receive a refresh token in addition to the access token.

To perform the code-to-token exchange, you need to make a POST request to the token endpoint provided by the ApprovalMax API. This endpoint is responsible for handling the exchange process and providing you with the necessary token.

The POST request should include the following parameters in the request body:

  1. POST
  2. Content-Type: application/x-www-form-urlencoded
  3. grant_type=authorization_code 
  4. &code=CODE
  5. &redirect_uri=YOUR_REDIRECT_URI 
  6. &client_id=client_id
  7. &client_secret=client_secret
  • grant_type=authorization_code: set this parameter to "authorization_code" to indicate that you are exchanging a verification code for a token.

  • code: include the verification code obtained from the user in this parameter.

  • redirect_uri: include the redirect URI that was used during the authorisation process.

  • clientIdspecify your client app key from your application created on the Developer Portal to identify your application.

  • clientSecret: provide your app secret key from your application created on the Developer Portal to authenticate your application.

    • Related Articles

    • How to grant access to an Organisation in the ApprovalMax Public API

      The process of granting access to an Organisation consists of the following steps: 1. Initiate user authorisation: generate an URL with the necessary parameters. This URL will direct account owners/ account managers to the ApprovalMax Public API ...
    • Redirecting users back to your application with an authorisation code

      When users authorise your app and interact with the ApprovalMax Public API, the API will redirect them back to the redirect_uri that you have specified. During this redirection process, certain parameters will be included in the URL: code: represents ...
    • The list of endpoints available in Public API

      To make calls against the APIs, please refer to the endpoints below or to the swagger: Endpoints Description GET /ping In the ApprovalMax Public API, the GET /ping endpoint is a simple endpoint used for checks the overall availability and ...
    • Prerequisites for using the Public API

      Before proceeding with the authorisation process for the ApprovalMax Public API feature, there are certain prerequisites that need to be met. These include: 1. Granting access to the Developer Portal: in order to access the Developer Portal and ...
    • How to initiate an authorisation process

      To initiate the authorisation process, you need to create a URL with the necessary parameters that will redirect the user to the ApprovalMax system for authorisation. When incorporating values that should be added as parameters into the URL, the ...