Skip to content

Latest commit

 

History

History
32 lines (24 loc) · 2.9 KB

obtain-token-request.md

File metadata and controls

32 lines (24 loc) · 2.9 KB
Raw

Obtain Token Request

Structure

Obtain Token Request

Fields

Name Type Tags Description
client_id string Required The Square-issued ID of your application, available from the
developer dashboard.
Constraints: Maximum Length: 191
client_secret string Required The Square-issued application secret for your application, available
from the developer dashboard.
Constraints: Minimum Length: 2, Maximum Length: 1024
code string Optional The authorization code to exchange.
This is required if grant_type is set to authorization_code, to indicate that
the application wants to exchange an authorization code for an OAuth access token.
Constraints: Maximum Length: 191
redirect_uri string Optional The redirect URL assigned in the developer dashboard.
Constraints: Maximum Length: 2048
grant_type string Required Specifies the method to request an OAuth access token.
Valid values are: authorization_code, refresh_token, and migration_token
Constraints: Minimum Length: 10, Maximum Length: 20
refresh_token string Optional A valid refresh token for generating a new OAuth access token.
A valid refresh token is required if grant_type is set to refresh_token , to indicate the application wants a replacement for an expired OAuth access token.
Constraints: Minimum Length: 2, Maximum Length: 1024
migration_token string Optional Legacy OAuth access token obtained using a Connect API version prior
to 2019-03-13. This parameter is required if grant_type is set to
migration_token to indicate that the application wants to get a replacement
OAuth access token. The response also returns a refresh token.
For more information, see Migrate to Using Refresh Tokens.
Constraints: Minimum Length: 2, Maximum Length: 1024
scopes List of string Optional A JSON list of strings representing the permissions the application is requesting.
For example: "["MERCHANT_PROFILE_READ","PAYMENTS_READ","BANK_ACCOUNTS_READ"]"
The access token returned in the response is granted the permissions
that comprise the intersection between the requested list of permissions, and those
that belong to the provided refresh token.
short_lived bool Optional A boolean indicating a request for a short-lived access token.
The short-lived access token returned in the response will expire in 24 hours.

Example (as JSON)

{
  "client_id": "APPLICATION_ID",
  "client_secret": "APPLICATION_SECRET",
  "code": "CODE_FROM_AUTHORIZE",
  "grant_type": "authorization_code"
}