# Access token endpoint

After successful authentication, the authorization code parameter code is appended to your callback URL. Exchange this authorization code for an access token.

POST https://auth.doccheck.com/token

# Request (application/x-www-form-urlencoded)

client_id={Client-ID}
client_secret={Client-Secret}
grant_type=authorization_code
code={Authorization Code}
redirect_uri={Your registered redirect URI}

Important: The redirect_uri parameter is required and must exactly match the redirect URI used in the authorization request and registered in your client settings. Any mismatch will result in an error when exchanging the code for a token.

# Response

{
  "scope": "...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "{Access-Token}",
  "refresh_token": "{Refresh-Token}"
}

# Error response

{
  "error_description": "xxxxx",
  "error": "xxxx"
}

# Testing the endpoint

curl --location 'https://auth.doccheck.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=[login_id]' \
--data-urlencode 'client_secret=[client_secret]' \
--data-urlencode 'code=[code]' \
--data-urlencode 'redirect_uri=[redirect_uri]' \
--data-urlencode 'grant_type=authorization_code'

Note

For security reasons you should not share access tokens with third parties, including the user. In particular, do not store the access token in a cookie.

← Authorization Endpoint
/oauth/endpoints/authorization_endpoint.html User data endpoint →
/oauth/endpoints/user-data_endpoint.html