Authorize a User

post

https://api-sandbox.astra.finance/v1/oauth/token

You can place your application's client_id into the username field, and your client_secret into the password form field of the Authentication section of this documentation 👉.

Use this endpoint to both initially Authorize a User, and also to Refresh Authorization for a user.

In the Form Data below, Option 1 is for the initial action to Authorize a User. Option 2 is for the action of using the refresh_token to generate a new access_token.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Form Data

There are two options for retrieving authorization on behalf of a user. First is the initial authorization request, which requires an authorization_code generated after a user authenticates. Second, is the method of refreshing a user's access_token.

grant_type

string

enum

required

Grant type of authorization_code for initial authorization to generate an access_token for a specific user

Allowed:

code

password

required

The authorization code your Client received after the User authorized your application.

The authorization_code is only active for approximately 2 minutes. After it expires, a new authorization_code will need to be obtained.

redirect_uri

string

required

The redirect URI you want to send Authenticated Users to on success (this must match your Developer Account settings)

expires_in

integer

The TTL of the access_token in seconds. Defaults to 7200 if not included. Valid values are between 300 and 86400 inclusive.

Responses

Language

Credentials

Basic

base64

URL

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Authorization Responses

400Authorization Responses