search

Retrieving the Access Token

hashtag
Getting the code

If the user has accepted the link, we will redirect the flow to your redirect_uri URI with two query string parameters:

  • code: You will need the code to make an API call to retrieve the access token.

  • state(optional): The state params that you passed in the previous redirect (if any).

Note: if the user has denied the request, we will redirect to your redirect_uri URI with the error access_denied. The code has a short expiration time (~ 1minute).

hashtag
Getting the access token

Now that you have a valid code, you can make a request to POST https://api.matrica.io/oauth2/tokenwith these params:

  • grant_type : Must be set to authorization_code

  • code : The code that you received.

  • redirect_uri : The callback redirect URI originally requested.

  • client_id : Your application ID.

  • client_secret (optional): Only if your application is set to "Private".

  • code_verifier : PKCE code verifier.

circle-info

Content-Type must be application/x-www-form-urlencoded

If everything matches up, the API call will respond with this JSON object:

{
    "access_token": "qwertyuio123456",
    "token_type": "Bearer",
    "refresh_token": "qwertyuiopasdfghjk",
    "expires_in": 3600,
    "scope": "profile"
}

You can use the access_token to make calls to the OAuth 2.0 APIs (see here) and get the information you have access to (depending on the scopes).

hashtag
Refresh token

Store the refresh_token safely and use it to get a new access_token once it has expired by calling POST https://api.matrica.io/oauth2/token with these params:

  • refresh_token : The refresh token.

  • grant_type : Must be set to refresh_token.

  • client_id : Your application ID.

  • client_secret (optional): Only if your application is "Private".

PreviousInitial RedirectNextAPI Reference

Last updated