OAuth2 Token

curl --request POST \
  --url https://api.aries.com/v1/oauth2/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "client_abc123xyz",
  "code": "auth_code_abc123xyz789def456",
  "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
  "grant_type": "authorization_code",
  "redirect_uri": "https://yourapp.com/callback"
}
'

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "expires_in": 3600,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.cThIIoDvwdueQB468K5xDc5633seEFoqwxjF_xSJyQQ",
  "refresh_token_expires_in": 2592000,
  "scope": "read write",
  "token_type": "Bearer"
}

POST

oauth2

token

curl --request POST \
  --url https://api.aries.com/v1/oauth2/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "client_abc123xyz",
  "code": "auth_code_abc123xyz789def456",
  "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
  "grant_type": "authorization_code",
  "redirect_uri": "https://yourapp.com/callback"
}
'

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "expires_in": 3600,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.cThIIoDvwdueQB468K5xDc5633seEFoqwxjF_xSJyQQ",
  "refresh_token_expires_in": 2592000,
  "scope": "read write",
  "token_type": "Bearer"
}

Body

application/json

client_id

string

required

OAuth2 client identifier

grant_type

enum<string>

required

OAuth2 grant type. Both 'authorization_code' and 'code' are accepted (authorization_code is normalized to code internally)

Available options:

authorization_code,

code,

refresh_token

client_secret

string

Client secret (required for confidential clients and refresh_token grant)

code

string

Authorization code from /v1/oauth2/authorize/confirm (required for authorization_code grant)

code_verifier

string

PKCE code verifier (required for PKCE flow, replaces client_secret)

redirect_uri

string<uri>

Redirect URI (required for authorization_code grant, must match authorization request)

refresh_token

string

Refresh token (required for refresh_token grant)

Response

Tokens generated successfully

access_token

string

required

Bearer token for API authentication

expires_in

integer

required

Access token expiration time in seconds (typically 3600 = 1 hour)

token_type

enum<string>

required

Token type (always Bearer)

Available options:

Bearer

refresh_token

string

Token to refresh the access token

refresh_token_expires_in

integer

Refresh token expiration time in seconds (typically 2592000 = 30 days)

scope

string

Space-separated list of granted scopes

PKCE Flow

⌘I

Implementation

Body

Response