The authorization_code grant type is used by webapp applications to exchange an authorization code for an access token.

The authorization_code flow requires two steps:

GET request to the Commerce Layer dashboard /oauth/authorize endpoint with the application credentials and the response type as query parameters.

code.
string
client_id
string
redirect_uri
string
string
code
200 OK status code.

If the client_id exists, the user is prompted to authorize the 3rd party application to access their data. After the authorization, the browser is redirected to the redirect_uri with a code parameter in the URL.

For the authorization_code grant type, send a POST request to your Commerce Layer subdomain /oauth/token endpoint, passing the application credentials and the code you got from the previous step in the request body.

string
authorization_code
string
redirect_uri
query string
string
client_id
string
client_secret
string
redirect_uri
string
authorization_code grant type with the code you got from the previous step:

200 OK status code, returning the requested access token and customer info, along with a refresh token:

scope is the same as the one passed as a query parameter in the request you made to get your-authorization-code.
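
The two steps above, sketched client-side as an added example (not code from the Commerce Layer documentation), including the callback check a web app should make before exchanging the code. The host names are placeholders, the scope value is constructed, and the parameter names response_type, grant_type and state are the standard RFC 6749 names, assumed here to be what the endpoints accept.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder hosts (assumptions): the page gives only the endpoint paths.
AUTHORIZE_URL = "https://dashboard.example.test/oauth/authorize"
TOKEN_URL = "https://yourdomain.example.test/oauth/token"


def build_authorize_url(client_id, redirect_uri, scope):
    """Step 1: URL the browser is sent to. Returns (url, state)."""
    # state is unguessable and must be stored in the user's session.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "response_type": "code",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, redirect_uri, expected_state):
    """Extract the code from the redirect, rejecting forged or failed ones."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match redirect_uri")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time comparison against the value saved in step 1.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in params or len(params.get("code", [])) != 1:
        raise ValueError("no single authorization code in callback")
    return params["code"][0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 2: body of the POST to TOKEN_URL (sent server side, over HTTPS)."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,  # never exposed to the browser
        "redirect_uri": redirect_uri,    # same value as in step 1
    }
```

The redirect_uri in the token request has to be the same value used in the authorize request, which is why both functions take it as a parameter instead of rebuilding it.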