Skip to main content
POST
/
oauth
/
token
Issue OAuth access token
curl --request POST \
  --url https://api.coinlist.co/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id=<string>' \
  --data 'client_secret=<string>' \
  --data 'code=<string>' \
  --data 'code_verifier=<string>' \
  --data 'redirect_uri=<string>' \
  --data 'refresh_token=<string>'
{
  "access_token": "<string>",
  "expires_in": 123,
  "token_type": "<string>",
  "id_token": "<string>",
  "refresh_token": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.coinlist.co/llms.txt

Use this file to discover all available pages before exploring further.

Body

application/x-www-form-urlencoded

Token request params

grant_type
enum<string>
required

OAuth grant type. Supported values are authorization_code, client_credentials, and refresh_token.

Available options:
authorization_code,
client_credentials,
refresh_token
client_id
string

OAuth client identifier. Required for all grant types when client authentication is sent in the request body.

client_secret
string

OAuth client secret. Required for all grant types when client authentication is sent in the request body.

code
string

Authorization code received from the /oauth/authorize endpoint. Required when grant_type is authorization_code.

code_verifier
string

PKCE code verifier corresponding to the code_challenge sent to /oauth/authorize. Required when grant_type is authorization_code.

redirect_uri
string<uri>

Must match the redirect_uri used in the original /oauth/authorize request. Required when grant_type is authorization_code.

refresh_token
string

Required when grant_type is refresh_token.

Response

Successful token response

access_token
string
required

The access token

expires_in
integer
required

Token lifetime in seconds

token_type
string
required

Token type, e.g. Bearer

id_token
string

OpenID Connect ID token

refresh_token
string

The refresh token