Fetch access token
This endpoint allows apps to fetch access tokens. For user apps, use this endpoint after the /authorize
endpoint and the subsequent callback. For user apps this endpoint supports generation of access token from authorization code or from refresh token, sent in the previous authorize
endpoint’s callback. For system apps this endpoint can directly be used to get an access token, no prior /authorize
end point call is needed.
NOTE: Fetching a token for a system app via the browser on our developer portal WILL NOT WORK as browser requests to the token endpoint must use PKCE. Instead, send the request through a server side/native method and ensure the ‘Origin’ header isn’t present.
Headers
Required for user apps with authorization code flow without PKCE and for system apps. Basic authorization header should be created using the client ID and client secret of the app. The value should be derived as Basic base64encode(client_id:client_secret)
. Refer to https://datatracker.ietf.org/doc/html/rfc2617#section-2 for additional info.
Path Parameters
Use default
for user app flows. For system apps, use the tenant-specific server ID provided by fabric Identity (see Getting Started).
Body
Response
The response is of type object
.