Returns an OAuth access token.
Open in API Reference
The Square-issued ID of your application, available from the application dashboard.
The Square-issued application secret for your application, available from the application dashboard.
Specifies the method to request an OAuth access token. Valid values are: authorization_code, refresh_token, and migration_token
authorization_code
refresh_token
migration_token
The authorization code to exchange. This is required if grant_type is set to authorization_code, to indicate that the application wants to exchange an authorization code for an OAuth access token.
grant_type
Legacy OAuth access token obtained using a Connect API version prior to 2019-03-13. This parameter is required if grant_type is set to migration_token to indicate that the application wants to get a replacement OAuth access token. The response also returns a refresh token. For more information, see Migrate to Using Refresh Tokens.
The redirect URL assigned in the application dashboard.
A valid refresh token for generating a new OAuth access token. A valid refresh token is required if grant_type is set to refresh_token , to indicate the application wants a replacement for an expired OAuth access token.
OPTIONAL
A JSON list of strings representing the permissions the application is requesting. For example: "["MERCHANT_PROFILE_READ","PAYMENTS_READ","BANK_ACCOUNTS_READ"]" The access token returned in the response is granted the permissions that comprise the intersection between the requested list of permissions, and those that belong to the provided refresh token.
["MERCHANT_PROFILE_READ","PAYMENTS_READ","BANK_ACCOUNTS_READ"]
A boolean indicating a request for a short-lived access token. The short-lived access token returned in the response will expire in 24 hours.
curl https://connect.squareupsandbox.com/oauth2/token \ -X POST \ -H 'Square-Version: 2021-05-13' \ -H 'Content-Type: application/json'
// No response received yet.