Generate Token

POST /oauth/token

This endpoint is used to generate refresh token using parameters client_id, code and client_secret.

If Grant type is "authorization_code" then request body must have two mandatory parameters, called "code" and "redirect_uri".

While generating new access token on expiry, request body must have grant type as "refresh_token" and mandatory parameter called "refresh_token".


  • The string Basic with your Client ID and Client Secret separated with colon (:), Base64-encoded. For example, Client_ID:Client_Secret Base64-encoded is Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ=.


Body Required

  • code string Required

    Code will be come from the authorize url call back redirect url.

  • refresh_token string Required

    Refresh Token

  • grant_type string Required


    Values are authorization_code or refresh_token.

  • redirect_uri string Required

    Redirect URI


  • 201

    Generate required refresh and access tokens.

    Hide response attributes Show response attributes object
    • access_token string Required

      Access Token

    • token_type string Required

      Token Type

    • refresh_token string Required

      Refresh token

    • expires_in number Required

      Expires in seconds

    • scope string Required


      Values are file, label, doc, milestone, message, subtask, project, task_group, task, subteam, member, or folder.

  • 401

    The client request has not been completed because it lacks valid authentication credentials for the requested resource.

  • 403

    The client does not have access rights to the content.

  • 405

    The request method is known by the server but is not supported by the target resource.

POST /oauth/token
curl \
 -X POST \
 -H "Content-Type: application/json" \
 -H "authorization: string" \
 -d '{"code":"Pk6DnFY4q9Z1X7aOQATV5z4bxg1rjwH4","refresh_token":"string","grant_type":"authorization_code","redirect_uri":"string"}'
Request example
# Headers
authorization: string

# Payload
  "code": "Pk6DnFY4q9Z1X7aOQATV5z4bxg1rjwH4",
  "refresh_token": "string",
  "grant_type": "authorization_code",
  "redirect_uri": "string"
Response examples (201)
  "access_token": "string",
  "token_type": "string",
  "refresh_token": "string",
  "expires_in": 42.0,
  "scope": "file"