post
https://merchant.shuttleglobal.com/token
Client authentication can be provided either:
- In the request body using client_id and client_secret parameters, or
- Using HTTP Basic authentication with client_id as username and client_secret as password
If both are provided, Basic authentication takes precedence.
Original description: |
This endpoint supports two use cases:
-
Authorization Code Exchange:
- Use this when you have received an authorization code from the /authorize flow
- Required parameters: grant_type=authorization_code, code, redirect_uri, client_id, client_secret
- Returns both access_token and refresh_token
- The redirect_uri must match the one used in the original /authorize request
- The authorization code must be exchanged within 15 minutes of being generated
- Each authorization code can only be exchanged once
-
Refresh Token Exchange:
- Use this to get a new access_token when your current one expires
- Required parameters: grant_type=refresh_token, refresh_token, client_id, client_secret
- Returns only access_token (refresh_token remains the same)
- No redirect_uri needed for this flow
Notes:
- Access tokens expire after 1 hour (3600 seconds)
- Always store refresh_tokens securely - they are long-lived credentials
- If a refresh_token becomes compromised, obtain a new authorization code through the /authorize flow
Recent Requests
Log in to see full request history
| Time | Status | User Agent | |
|---|---|---|---|
Retrieving recent requests… | |||
Loading…