# Retrieving the Access Token ### Getting the code If the user has accepted the link, we will redirect the flow to your `redirect_uri` URI with two query string parameters: * `code`: You will need the code to make an API call to retrieve the access token. * `state`(optional): The `state` params that you passed in the previous redirect (if any). **Note**: if the user has denied the request, we will redirect to your `redirect_uri` URI with the error `access_denied`. The code has a short expiration time (\~ 1minute). ### Getting the access token Now that you have a valid code, you can make a request to `POST https://api.matrica.io/oauth2/token`with these params: * `grant_type` : Must be set to `authorization_code` * `code` : The code that you received. * `redirect_uri` : The callback redirect URI originally requested. * `client_id` : Your application ID. * `client_secret` (optional): Only if your application is set to "Private". * `code_verifier` : PKCE code verifier. {% hint style="info" %} Content-Type must be `application/x-www-form-urlencoded` {% endhint %} If everything matches up, the API call will respond with this JSON object: ```json { "access_token": "qwertyuio123456", "token_type": "Bearer", "refresh_token": "qwertyuiopasdfghjk", "expires_in": 3600, "scope": "profile" } ``` You can use the `access_token` to make calls to the OAuth 2.0 APIs (see [here](/matrica-connect/api-reference.md#user-data-requests)) and get the information you have access to (depending on the scopes). ### Refresh token Store the `refresh_token` safely and use it to get a new `access_token` once it has expired by calling `POST https://api.matrica.io/oauth2/token` with these params: * `refresh_token` : The refresh token. * `grant_type` : Must be set to `refresh_token`. * `client_id` : Your application ID. * `client_secret` (optional): Only if your application is "Private". --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.matrica.io/matrica-connect/retrieving-the-access-token.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.