This endpoint consumes an authorization code and passes back an access token for a user. JWT Profile for access tokens is supported and configurable via client settings.



If the /token endpoint receives five (5) attempts (either successful or failed) within a minute, it will return a 429 Too Many Requests error response. This will block the user account for 5 minutes and will automatically be unblocked when the time has passed.

This is a sample of code-for-token exchange with email via API call:

curl --request POST \
     --url \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --data '
     "client_id": "c8462jyq9dnupu2q4j7sfjzvn6c87j92",
     "code": "xkh5eth948e4ej",
     "grant_type": "authorization_code",
     "redirect_uri": "",
     "auth_type": "email",
     "user_id": "[email protected]"
Click Try It! to start a request and see the response here!