# Create token **POST /2023-03-01/management/token** Exchange an `authorization_code` for an `access_token` after receiving on from the `redirect_uri` you specifiy after a successful user connection ## Servers - Production server (EU): https://api.affixapi.com (Production server (EU)) - Development server (EU): https://dev.api.affixapi.com (Development server (EU)) ## Parameters ### Body: application/json (object) - **client_id** (string) The client ID you received when you first created the application - **client_secret** (string) The client secret. Since there can be multiple `client_secret`s (to allow for rotation of secrets without downtime to your customers), any current `client_secret` is valid Please email me after signup and I will set both your client secret and redirect_uri (required) when you reach out. - **grant_type** (string) This is a hardcoded value required by the OAuth 2.1 spec - **code** (string) This is the code you received in the query string - **redirect_uri** (string) Indicates the URI to return the user to after authorization is complete, which is the endpoint on your server to receive the authorization_code. Must be identical to the redirect URI provided in the original link. Please email me after signup and I will set both your client secret and redirect_uri (required) when you reach out. ## Responses ### 201 Success #### Body: application/json (object) - **access_token** (string) The issued access_token - **mode** (string) - **provider** (string) - **scopes** (array[string]) One or more scope values indicating which parts of the user's account you wish to access. Note, slight deviation from the OAuth 2.1 spec in that the param is scopes (plural) is used vs scope (singular) - **token_type** (string) The token type to pass in the `Authorization` header ### 400 Bad Request #### Body: application/json (object) - **message** (string) - **validation_error** (string) ### 404 Not Found #### Body: application/json (object) - **message** (string) A description of the error - **id** (string) The id of the entity that the id applies. For example, the transaction id ### 409 Not Found #### Body: application/json (object) - **code** (string) The authorization code insert that caused a conflict - **token** (string) The access token insert that caused a conflict - **error** (string) The description of the type of error, ie conflict of two requests of the the same authorization code ### 429 Rate Limited / Too Many Requests #### Headers - **Retry-After** (integer) Retry your call after the specified amount of seconds #### Body: application/json (object) - **message** (string) ### 500 Server Error #### Body: application/json (object) - **message** (string) [Powered by Bump.sh](https://bump.sh)