🔐 OAuth Endpoints Reference

Complete reference for all OAuth 2.0 authentication endpoints.

Token Exchange

Exchange an authorization code for access tokens.

POST /api/oauth/token

Request Body

{
  "grant_type": "authorization_code",
  "code": "authorization_code",
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "code_verifier": "original_code_verifier"
}

Parameters

Parameter Type Required Description
grant_type string Must be authorization_code
code string Authorization code from callback
client_id string Your client ID
client_secret string Your client secret
code_verifier string Original PKCE code verifier

Responses

Status Response Body
200
{
  "access_token": "new_access_token",
  "refresh_token": "new_refresh_token",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "miles:read miles:write"
}
400
{
  "error": "invalid_grant",
  "error_description": "The refresh token is invalid or expired"
}
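
The code_verifier in the request body above is only useful if it matches the code_challenge sent when the authorization code was requested. The following is an added example, not code from this API or its documentation: it generates a PKCE pair on the client and shows the check an RFC 7636 server performs on the exchange request. It assumes the S256 challenge method, which this page does not state; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def _b64url(raw):
    # RFC 7636 uses base64url with the '=' padding removed
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def new_pkce_pair():
    """Client side: a fresh verifier per authorization request, plus its challenge."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, the RFC 7636 minimum
    return verifier, s256_challenge(verifier)


def build_exchange_body(code, client_id, client_secret, code_verifier):
    """Body for POST /api/oauth/token, using the field names documented on this page."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "code_verifier": code_verifier,
    }


def server_accepts(body, stored_challenge):
    """Assumed server-side check: recompute the challenge, compare in constant time."""
    verifier = body.get("code_verifier")
    if not isinstance(verifier, str) or not verifier.isascii():
        return False
    if not 43 <= len(verifier) <= 128:  # length bounds from RFC 7636
        return False
    return hmac.compare_digest(s256_challenge(verifier), stored_challenge)


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    body = build_exchange_body("constructed_code", "constructed_client", "constructed_secret", verifier)
    print("matching verifier accepted:", server_accepts(body, challenge))
    body["code_verifier"] = new_pkce_pair()[0]  # verifier from a different request
    print("mismatched verifier accepted:", server_accepts(body, challenge))
```

Keep the verifier in the client's session state between the authorization redirect and this call, and discard it once the exchange has been attempted.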

Token Refresh

Refresh expired access tokens.

POST /api/oauth/token

Request Body

{
  "grant_type": "refresh_token",
  "refresh_token": "refresh_token_value",
  "client_id": "your_client_id"
}

Parameters

Parameter Type Required Description
grant_type string Must be refresh_token
refresh_token string Valid refresh token
client_id string Your client ID

Responses

Status Response Body
200
{
  "access_token": "new_access_token",
  "refresh_token": "new_refresh_token",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "miles:read miles:write"
}
400
{
  "error": "invalid_grant",
  "error_description": "The refresh token is invalid or expired"
}