POST /v1/oauth/token
curl --request POST \
  --url https://public.api.collectpure.com/v1/oauth/token \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '{
  "code": "<string>",
  "public_key": "<string>",
  "secret_key": "<string>",
  "redirect_url": "<string>"
}'

{
  "access_token": "<string>",
  "token_type": "bearer",
  "expires_in": 123,
  "id_token": "<string>",
  "refresh_token": "<string>"
}

Exchange an OAuth authorization code for an access token. This endpoint allows you to obtain an authentication token that can be used for subsequent API requests.

Request Body

code (string, required)

The authorization code received from the OAuth provider

public_key (string, required)

The public key for the OAuth application

secret_key (string, required)

The secret key for the OAuth application

redirect_url (string, required)

The redirect URL used in the initial authorization request

Response Example

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InB1cmUtand0LWtleSJ9...",
  "token_type": "bearer",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InB1cmUtand0LWtleSJ9...",
  "refresh_token": "rt_abc123def456ghi789"
}

Using the Token

After obtaining the token, include it in subsequent API requests using the following headers:

"x-auth-token": "your-access-token"
"x-public-key": "your-public-key"
"x-secret-key": "your-secret-key"

The id_token is included in the response when the openid scope is granted, and the refresh_token is included when the offline_access scope is granted.

Error Responses

If the request is invalid or authentication fails, the API will return an error response:

{
  "error": "invalid_request",
  "error_description": "The authorization code is invalid or has expired"
}

Common error codes include:

  • invalid_request: The request is missing a required parameter or is otherwise malformed
  • invalid_client: Client authentication failed
  • invalid_grant: The authorization code is invalid or has expired
  • unauthorized_client: The client is not authorized to use this grant type
  • server_error: An unexpected error occurred on the server
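
The code exchange and the error handling described above, as an added Python example that is not part of the original documentation or the provider's own client code. The function names, the `send` transport hook, and the choice to treat only `server_error` as retryable are assumptions made for illustration.

```python
import json
import time
import urllib.error
import urllib.request

TOKEN_URL = "https://public.api.collectpure.com/v1/oauth/token"
RETRYABLE = {"server_error"}  # assumption: every other code needs a fix, not a retry

class TokenError(Exception):
    def __init__(self, code, description):
        super().__init__(f"{code}: {description}")
        self.code, self.retryable = code, code in RETRYABLE

def parse_token_response(status, body, now=None):
    """Validate a token-endpoint reply and return it with an absolute expiry."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        raise TokenError("server_error", "response is not a JSON object")
    if status != 200 or "error" in data:
        raise TokenError(data.get("error", "server_error"), data.get("error_description", ""))
    if (not data.get("access_token") or str(data.get("token_type")).lower() != "bearer"
            or not isinstance(data.get("expires_in"), int)):
        raise TokenError("server_error", "unexpected token response shape")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "expires_at": now + data["expires_in"],
            "id_token": data.get("id_token"),            # present with openid scope
            "refresh_token": data.get("refresh_token")}  # present with offline_access

def _https_post(url, body, headers):
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry the JSON error body
        return err.code, err.read().decode()

def exchange_code(code, public_key, secret_key, redirect_url, api_key, send=_https_post):
    # secret_key travels in the body: call this from server-side code only.
    body = json.dumps({"code": code, "public_key": public_key,
                       "secret_key": secret_key, "redirect_url": redirect_url})
    headers = {"Content-Type": "application/json", "x-api-key": api_key}
    return parse_token_response(*send(TOKEN_URL, body, headers))
```

On `invalid_grant` the caller restarts the authorization flow to obtain a new code rather than resubmitting the same one; `TokenError.retryable` is true only for `server_error`.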

Authorizations

x-api-key (string, header, required)

API key for authentication

Body

application/json

Response

200
application/json

Default Response

The response is of type object.