Step 3:Token Exchange

With this step, learn how to get the access token by exchanging the authorization token and access Xoxoday resources.

How to get the Access Token:

To get the access_token the client server must make a POST request via the terminal as define below:

curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type}
-d '{
"grant_type":"authorization_code",
"code":"exxxx69660xxxxa6413c17d897xxxxx99",
"redirect_uri":"{client_redirect_url}",
"client_id":"{client_id}",
"client_secret":"{client_secret}"
}'

Different variables associated with the POST request are described below:

Parameters

Description

token_type (required)

user

grant_type(required)

grant_type values supported by Xoxoday - authorization_code, refresh_token

code (required)

Temporary code received in step 2

redirect_uri(required)

Same url shared in the step 1

client_id(required)

client_id received in the step 1

client_secret (required)

client_secret received in step 1

If the request is validated based on the parameters defined in the POST request by Xoxoday server, successful response will be of format shown below:

{
"access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhN2EifQ==",
"token_type": "bearer",
"expires_in": 2592000,
"refresh_token": "064be187f42e9238122ef9d7a985c8800dff3752",
"email":"[email protected]"
}

Different parameters in the response shown are described below:

Parameters

Description

access_token

Bearer token used to access Xoxoday APIs

token_type

Bearer to be passed in the Authorization header

expires_in

Duration in seconds for which the access_token is valid. Default - 15 days

refresh_token

Value to regenerate expired access_token. Valid for 30 days.

Visual representation to understand STEP 2 and STEP 3

PLEASE NOTE:

OAUTH_URL value for Development - https://stagingaccount.xoxoday.com/chef

Production - https://accounts.xoxoday.com/chef