Obtain Token Request

Structure

Obtain Token Request

Fields

Name	Type	Tags	Description
`client_id`	`str`	Required	The Square-issued ID of your application, which is available on the OAuth page in the Developer Dashboard. Constraints: Maximum Length: `191`
`client_secret`	`str`	Optional	The Square-issued application secret for your application, which is available on the OAuth page in the Developer Dashboard. This parameter is only required when you're not using the OAuth PKCE (Proof Key for Code Exchange) flow. The PKCE flow requires a `code_verifier` instead of a `client_secret` when `grant_type` is set to `authorization_code`. If `grant_type` is set to `refresh_token` and the `refresh_token` is obtained uaing PKCE, the PKCE flow only requires `client_id`, `grant_type`, and `refresh_token`. Constraints: Minimum Length: `2`, Maximum Length: `1024`
`code`	`str`	Optional	The authorization code to exchange. This code is required if `grant_type` is set to `authorization_code` to indicate that the application wants to exchange an authorization code for an OAuth access token. Constraints: Maximum Length: `191`
`redirect_uri`	`str`	Optional	The redirect URL assigned on the OAuth page for your application in the Developer Dashboard. Constraints: Maximum Length: `2048`
`grant_type`	`str`	Required	Specifies the method to request an OAuth access token. Valid values are `authorization_code`, `refresh_token`, and `migration_token`. Constraints: Minimum Length: `10`, Maximum Length: `20`
`refresh_token`	`str`	Optional	A valid refresh token for generating a new OAuth access token. A valid refresh token is required if `grant_type` is set to `refresh_token` to indicate that the application wants a replacement for an expired OAuth access token. Constraints: Minimum Length: `2`, Maximum Length: `1024`
`migration_token`	`str`	Optional	A legacy OAuth access token obtained using a Connect API version prior to 2019-03-13. This parameter is required if `grant_type` is set to `migration_token` to indicate that the application wants to get a replacement OAuth access token. The response also returns a refresh token. For more information, see Migrate to Using Refresh Tokens. Constraints: Minimum Length: `2`, Maximum Length: `1024`
`scopes`	`List[str]`	Optional	A JSON list of strings representing the permissions that the application is requesting. For example, "`["MERCHANT_PROFILE_READ","PAYMENTS_READ","BANK_ACCOUNTS_READ"]`". The access token returned in the response is granted the permissions that comprise the intersection between the requested list of permissions and those that belong to the provided refresh token.
`short_lived`	`bool`	Optional	A Boolean indicating a request for a short-lived access token. The short-lived access token returned in the response expires in 24 hours.
`code_verifier`	`str`	Optional	Must be provided when using the PKCE OAuth flow if `grant_type` is set to `authorization_code`. The `code_verifier` is used to verify against the `code_challenge` associated with the `authorization_code`.

Example (as JSON)

{
  "client_id": "APPLICATION_ID",
  "client_secret": "APPLICATION_SECRET",
  "code": "CODE_FROM_AUTHORIZE",
  "grant_type": "authorization_code",
  "redirect_uri": "redirect_uri6",
  "refresh_token": "refresh_token8",
  "migration_token": "migration_token6"
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly