Exchange or refresh OAuth tokens - Scalev Documentation

curl --request POST \ --url https://api.scalev.com/v3/oauth/token \ --header 'Content-Type: application/json' \ --data ' { "client_id": "<string>", "client_secret": "<string>", "client_assertion_type": "<string>", "client_assertion": "<string>", "code": "<string>", "redirect_uri": "<string>", "code_verifier": "<string>", "refresh_token": "<string>", "resource": "<string>" } '

Body

application/json

grant_type

enum<string>

wajib

Opsi yang tersedia:

authorization_code,

refresh_token

client_id

string

wajib

OAuth application client ID, registered client ID, or HTTPS Client ID Metadata Document URL.

client_secret

string

Required for confidential clients when HTTP Basic auth is not used. Omit for public client registrations using token_endpoint_auth_method=none and for clients using private_key_jwt.

client_assertion_type

string

Required for private_key_jwt; must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer.

client_assertion

string

Signed JWT client assertion required for private_key_jwt.

code

string

Authorization code, required for authorization_code.

redirect_uri

string<uri>

Redirect URI used on the authorization request.

code_verifier

string

PKCE code verifier. Required for public clients and recommended for all authorization-code exchanges.

refresh_token

string

Refresh token, required for refresh_token.

resource

string<uri>

Optional resource audience. Must match the resource requested during authorization when present. Official Scalev MCP DCR/CIMD clients may omit it when the authorization session is already MCP-bound.

Respons

Success

Raw single-resource success payload for v3.