Create access token

POST /oauth/token

Exchange OAuth 2.0 client credentials for a signed JWT Bearer token.

Creates an access token by exchanging OAuth 2.0 client credentials, following RFC 6749 Section 4.4 (Client Credentials Grant).

Authentication: Provide credentials via HTTP Basic Auth (Authorization: Basic base64(client_id:client_secret)) or as client_id and client_secret form parameters in the request body.

Response: Returns a signed JWT (RS256) that can be used as a Bearer token for API access. Use the kid header in the JWT to look up the corresponding public key from the provider signer's key-pair factor for verification.
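The verification step described above, sketched as an added example (not code from this API or its SDK). The key pair and the kid-to-key map are constructed stand-ins for the provider signer's key-pair factor, the kid value is the one visible in the sample token's header on this page, and the `exp` claim is an assumption about the token's payload.

```javascript
const crypto = require("node:crypto");

// Constructed RSA key pair standing in for the provider signer's key pair.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
// Hypothetical kid -> public key map (assumption: filled from the signer's key-pair factor).
const trustedKeys = new Map([["ledger-oauth-key-1", publicKey]]);

const b64url = (v) => Buffer.from(v).toString("base64url");
const decodeJson = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Builds a constructed RS256 token for the demo; real tokens come from POST /oauth/token.
function signSample(header, payload) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Pins alg to RS256, resolves the key by kid, then checks signature and expiry.
function verifyAccessToken(token, keys, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const header = decodeJson(parts[0]);
  // Never let the token choose the algorithm: reject anything but RS256 (e.g. "none", HS256).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = keys.get(header.kid);
  if (!key) throw new Error("unknown kid");
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, key, sig)) throw new Error("bad signature");
  // Claims are read only after the signature has been verified.
  const claims = decodeJson(parts[1]);
  // Assumption: the token carries a numeric exp claim (seconds since epoch).
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return claims;
}
```
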

Note: This endpoint follows the RFC 6749 standard. It accepts application/x-www-form-urlencoded bodies, returns an RFC 6749 token response, and uses standard error codes (invalid_client, invalid_request, etc.).

Usage Examples

curl -X POST "http://localhost:3000/v2/oauth/token" \
  -H "x-ledger: <YOUR LEDGER HANDLE>" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=client_credentials&client_id=<YOUR CLIENT ID>&client_secret=<YOUR CLIENT SECRET>'

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZGdlci1vYXV0aC1rZXktMSJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

{
  "error": "invalid_request",
  "error_description": "Missing grant_type parameter"
}

{
  "error": "invalid_client",
  "error_description": "Invalid client credentials"
}

{
  "error": "server_error",
  "error_description": "An unexpected error occurred processing the request"
}

Header Parameters

x-ledger (optional)

The unique identifier of the ledger in context for multi-tenant requests.

Request Body

application/x-www-form-urlencoded

Response Body

application/json