Obtain token

The authorization code to exchange. This code is required if grant_type is set to authorization_code to indicate that the application wants to exchange an authorization code for an OAuth access token.

A legacy OAuth access token obtained using a Connect API version prior to 2019-03-13. This parameter is required if grant_type is set to migration_token to indicate that the application wants to get a replacement OAuth access token. The response also returns a refresh token. For more information, see Migrate to Using Refresh Tokens.

The redirect URL assigned in the OAuth page for your application in the Developer Dashboard.

A valid refresh token for generating a new OAuth access token.

A valid refresh token is required if grant_type is set to refresh_token to indicate that the application wants a replacement for an expired OAuth access token.

A JSON list of strings representing the permissions that the application is requesting. For example, "["MERCHANT_PROFILE_READ","PAYMENTS_READ","BANK_ACCOUNTS_READ"]".

The access token returned in the response is granted the permissions that comprise the intersection between the requested list of permissions and those that belong to the provided refresh token.

A Boolean indicating a request for a short-lived access token.

The short-lived access token returned in the response expires in 24 hours.