Exchange Code for Tokens

Server-to-server call. Exchange the authorization code for an access_token. Use the access_token as a Bearer token in the Authorization header when calling API endpoints.

POST/api/oauth/token

Authentication

OAuthAuthorization: Bearer

Uses client_id + client_secret in the request body (not headers).

Query Parameters

grant_typestring

required

Must be 'authorization_code'

Default:authorization_code

codestring

required

The authorization code from the callback redirect

client_idstring

required

From Partner Account → Manage Apps → View Credentials

client_secretstring

required

From Partner Account → Manage Apps → View Credentials

redirect_uristring

optional

Must match the URI used in the authorize step

Responses

200Success

application/json

access_tokenstring

token_typestring

scopestring

Request

curl --request POST \
  --url "https://api.pandaidx.com/api/oauth/token" \
  --header "Content-Type: application/json" \
  --data-raw '{
    "grant_type": "authorization_code",
    "code": "{{auth_code}}",
    "client_id": "{{client_id}}",
    "client_secret": "{{client_secret}}",
    "redirect_uri": "{{redirect_uri}}"
  }'

Response200 OK

{
  "access_token": "64-char-hex-access-token",
  "token_type": "Bearer",
  "scope": "listings,contacts,analytics"
}