Exchange authorization code or refresh token for access token
OAuth
交换 Token
Supports both application/json and application/x-www-form-urlencoded. Use grant_type=authorization_code to exchange an auth code, or grant_type=refresh_token to refresh an expired access token.
POST
Exchange authorization code or refresh token for access token
client_id 和 client_secret 必须在请求体中传递,不支持 Basic Auth Header。使用场景
1. 用授权码换取 Token
用户在授权页面同意后,你的redirect_uri 会收到 code 参数。用它换取 access token:
2. 用 Refresh Token 续期
Access token 有效期 1 小时。过期后用 refresh token 获取新的 token 对:常见错误
| 错误 | 原因 |
|---|---|
Missing client credentials | 请求体缺少 client_id 或 client_secret |
Invalid client credentials | client_id 不存在或 client_secret 不匹配 |
Invalid or expired authorization code | 授权码已过期(5 分钟有效)或已被使用 |
redirect_uri mismatch | redirect_uri 与授权请求时的不一致 |
Invalid or expired refresh token | Refresh token 无效、已过期(90 天)或已被轮换 |
请求体
OAuth grant type
可用选项:
authorization_code, refresh_token Your application UUID
示例:
"your-app-uuid"
Your application secret (plaintext)
Authorization code from the callback redirect (required when grant_type=authorization_code)
Must exactly match the redirect_uri used in the authorization request (required when grant_type=authorization_code)
示例:
"https://your-app.com/callback"
Refresh token from a prior token response (required when grant_type=refresh_token)

