token
Description
The OAuth token endpoint for all access and refresh token requests. Ideally, the client should authenticate using HTTP Basic Authentication as described in the OAuth 2.0 RFC, though you can also POST the client_id and client_secret directly.
Authorization Grant: Once you've been granted an Authorization Code using our authorization endpoint (https://my.foxycart.com/authorize), you POST to the token endpoint with grant_type=authorization_code&code={authorization_code}&redirect_uri={redirect_uri} (if you are not using HTTP Basic Auth, you must also include &client_id={client_id}&client_secret={client_secret}). The response will give you your access_token and refresh_token.
Refresh Token: Use this endpoint to obtain a new access_token using an existing refresh_token. Access tokens expire after 7200 seconds (2 hours) and refresh tokens expire after 315360000 seconds (10 years). POST form-encoded (application/x-www-form-urlencoded) data as follows: grant_type=refresh_token&refresh_token={refresh_token} (if you are not using HTTP Basic Auth, you must also include &client_id={client_id}&client_secret={client_secret}).
This token response, including both the access_token and refresh_token, should be saved in your database according to your OAuth needs.
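The refresh request described above, built with HTTP Basic authentication so the client_secret stays out of the form body, as an added example that is not FoxyCart's own code. TOKEN_URL is a placeholder (the page does not state the token endpoint's URL), and the function names, client credentials and 60-second early-refresh margin are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder: the page does not state the token endpoint URL; substitute the real one.
TOKEN_URL = "https://api.example.invalid/token"
# Response body copied from the page's Example Representation.
SAMPLE_RESPONSE = (
    '{"access_token":"57b903451f228d85dd4b3a8c1fa99457f4516550","expires_in":7200,'
    '"token_type":"bearer","scope":"client_full_access",'
    '"refresh_token":"bf7e34836f98834f3ab5a98c4d1039d7f57980cd"}'
)


def build_refresh_request(client_id, client_secret, refresh_token, token_url=TOKEN_URL):
    """Build (but do not send) a refresh_token grant request using HTTP Basic auth."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS; the request carries credentials")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # Only the grant parameters go in the body; the client secret stays in the header.
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def parse_token_response(raw, now=None, margin=60):
    """Validate a token response and add the time at which to refresh (assumed margin)."""
    tok = json.loads(raw)
    missing = {"access_token", "refresh_token", "expires_in", "token_type"} - set(tok)
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if tok["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type: {tok['token_type']!r}")
    now = time.time() if now is None else now
    # Refresh slightly before expires_in elapses so no call uses an expired token.
    tok["refresh_at"] = now + int(tok["expires_in"]) - margin
    return tok


if __name__ == "__main__":
    req = build_refresh_request("client_example", "secret_example", "constructed_refresh")
    print(req.get_method(), req.full_url, req.data.decode())
    print(parse_token_response(SAMPLE_RESPONSE, now=0)["refresh_at"])
```

Pass the returned request to urllib.request.urlopen to send it, then store both tokens from the parsed response, since the response carries a refresh_token as well as the new access_token.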
Actions
- POST
- Post here to update an OAuth access_token using a refresh_token.
- OPTIONS
- Get a response explaining which HTTP methods are supported.
Properties
Property | Description | Type | Constraints |
---|---|---|---|
grant_type | The OAuth grant type being requested, as used for Refresh Tokens and the Authorization Code Grant. | String | Required. refresh_token or authorization_code. |
refresh_token | The OAuth refresh token. This token is returned in the response whenever creating a client, user or store or when doing an authorization code grant. | String | Required for grant_type=refresh_token |
code | Authorization Code granted via the Authorization Code grant. | String | Required for grant_type=authorization_code |
redirect_uri | The redirect URI defined for this OAuth client. Used when doing an Authorization Code grant; it must match what is stored for the OAuth client. | String | Required for grant_type=authorization_code |
client_id | The client_id for your FoxyCart client resource. | String | Required unless using HTTP Basic Auth |
client_secret | Although the OAuth 2.0 spec supports passing the client secret as a URL param, it is much better to use HTTP Basic auth instead. | String | Required unless using HTTP Basic Auth |
Example Representation
POST Response: {"access_token":"57b903451f228d85dd4b3a8c1fa99457f4516550","expires_in":7200,"token_type":"bearer","scope":"client_full_access","refresh_token":"bf7e34836f98834f3ab5a98c4d1039d7f57980cd"}
Zoomable Resources
This resource has no linked resources which can be "zoomed" in on, filtered and embedded within this resource.