Authorization code
This topic describes how to exchange an authorization code for an access token on Optimizely's authorization server.
After you obtain an authorization code, you can exchange this authorization code for an access token by issuing an HTTPS POST request to Optimizely's authorization server.
The examples below show an example request and a successful response. The response will include an access token (with a lifetime of two hours) as well as arefresh token that can be used to request more access tokens after the initial access token expires.
Definitions
- code – The authorization code returned in the redirect.
- client_id – The client ID for your application (seeapp settings).
- client_secret – client secret for your application (seeapp settings).
- redirect_uri – The redirect URI used when requesting the authorization code.
- grant_type – Defined in the OAuth 2.0 spec, this field must contain a value of
authorization_code.
Example POST request
POST https://app.optimizely.com/oauth2/token ?code=asdbawejksd &client_id=123 &client_secret=iamverysecret &redirect_uri=http%3A%2F%2Fmyapplication.com &grant_type=authorization_codeExample JSON response
{ "access_token": "abcdefghijklmnopqrstuvwxyz", "expires_in": 7200, "token_type": "bearer", "refresh_token": "1234567890abcdefghijklmnopqrstuvwxyz"}Updated 9 days ago