Skip to main content
POST
/
auth
/
one-time-code
Exchange a one-time code for a token
curl --request POST \
  --url https://apiv2.example.com/auth/one-time-code \
  --header 'Content-Type: application/json' \
  --data '
{
  "nonce": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "code": "ZX9Q2"
}
'
{
  "accessToken": "<string>",
  "tokenType": "Bearer",
  "expiresIn": 604800,
  "userId": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
}

Body

application/json

Request to exchange a one-time code (e.g. from a payment link) for an access token.

nonce
string
required

The nonce that identifies the one-time code request.

Example:

"a1b2c3d4-e5f6-7890-abcd-ef1234567890"

code
string
required

The one-time code to exchange.

Example:

"ZX9Q2"

Response

Code exchanged successfully. Returns access token for API authentication.

OAuth2-compatible token response containing the access token for authenticating API requests.

accessToken
string
required

JWT access token for authenticating API requests. Include in the Authorization header as "Bearer {accessToken}".

tokenType
enum<string>
required

The type of token issued. Always "Bearer" for JWT tokens.

Available options:
Bearer
Example:

"Bearer"

expiresIn
integer
required

Number of seconds until the access token expires.

Example:

604800

userId
string

The unique identifier of the authenticated user.

Example:

"f47ac10b-58cc-4372-a567-0e02b2c3d479"