Request Token
API Description
Request an access token using the authorization_code grant type.
To request an access token, the partner's platform must have already obtained an authorization code from Apple Business.
- Partner MUST request an access token using the
authorization_codegrant type within five (5) minutes of receiving it from the authorization code flow authorization_codeMUST only be used once
The system will return an access token that's valid for sixty (60) minutes and a refresh token to be used when requesting a new access token when the current one has expired.
Illustration
Request
Path Template
POST {url}/api/v1/oauth2/token
Request Headers
| Name | Input |
|---|---|
Content-Type |  |
Accept |  |
Example Request Headers
Accept: application/json
Content-Type: application/json
Request Body
| Name | Input |
|---|---|
client_id | |
client_secret | |
code | |
code_verifier | |
grant_type | |
redirect_uri | |
Code
code MUST be the authorization code returned by the authorization code flow.
Grant Type
grant_type MUST be authorization_code.
Example Request Body
{
"client_id": "29352915982374239857",
"client_secret": "e5868ebb4445fc2ad9f949956c1cb9ddefa0d421",
"code": "cEU6NUbjKh83NfQT4GeSh_gf_jOUcjNk4BcpmZBZkRw730erK_9z8P",
"code_verifier": "jgiugdfkbsa",
"grant_type": "authorization_code",
"redirect_uri": "https://www.third-party.com/authorization"
}
Response
200 OK or Error
Response Headers
| Name |
|---|
content-type |
Example Response Headers
HTTP/1.1 200 OK
content-type: application/json
Response Body
| Name | Output |
|---|---|
access_token | |
expires_in | |
refresh_token | |
token_type | |
Example Response Body (raw JSON)
{
"access_token": "404d6d9c170ee9ae4d5b9936c73dd03c23fffff1213cb3",
"expires_in": 3600,
"refresh_token": "eGjFd3NES0Yl6Bb2fdXmZiClOvZ6HYQc77TOOMWNliJj",
"token_type": "Bearer"
}