POST /oauth/token
Generate OAuth access token
curl --request POST \
  --url http://sandbox.mintlify.com/oauth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "clientId": "app_1234567890abcdef",
  "clientSecret": "cs_1234567890abcdef",
  "scopes": [
    "read:organization"
  ],
  "userId": "550e8400-e29b-41d4-a716-446655440000"
}
'
Generates an OAuth2 access token using the client credentials flow.
This is a PUBLIC ENDPOINT (no authentication required). Rate-limited to 10 requests per minute.

Request Body

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| clientId | string | Yes | Client ID of the OAuth application |
| clientSecret | string | Yes | Client secret of the OAuth application |
| scopes | array | Yes | OAuth scopes requested |
| userId | string | No | User ID for user-specific tokens |

Example Request

curl -X POST http://localhost:3001/api/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "app_1234567890abcdef",
    "clientSecret": "cs_1234567890abcdef",
    "scopes": ["read:organization"]
  }'

Example Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "read:organization"
}

Token Scopes

Token scopes are validated against the OAuth application configuration. Only scopes configured for the application can be requested.

Using the Token

Include the access token in API requests:
curl -X GET http://localhost:3001/api/users/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

Token Expiry

Access tokens expire after 1 hour (3600 seconds). Use the refresh token endpoint to get a new token.
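
An added example, not part of the original documentation or the API's own client code: since token generation is limited to 10 requests per minute and a token lasts 3600 seconds, a caller can cache the token per scope set and request a new one only near expiry. It re-requests from this endpoint because the refresh endpoint is not described on this page. The class name `TokenCache`, the 60-second skew, the HTTPS check and the space-separated reading of `scope` are assumptions of this example.

```python
import json
import time
import urllib.request
from urllib.parse import urlparse


class TokenCache:
    """Caches one access token per scope set and reuses it until shortly before expiry."""

    def __init__(self, token_url, client_id, client_secret,
                 post=None, clock=time.monotonic, skew=60):
        parsed = urlparse(token_url)
        # Assumption of this example: the client secret travels in the request
        # body, so plain HTTP is accepted only for local testing.
        if parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1"):
            raise ValueError("token URL must use https")
        self.token_url = token_url
        self.client_id, self.client_secret = client_id, client_secret
        self.post = post or self._http_post   # injectable transport for testing
        self.clock, self.skew = clock, skew
        self._cache = {}  # frozenset(scopes) -> (access_token, expiry on self.clock)

    def _http_post(self, url, body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"}, method="POST")
        # 400, 401 and 429 responses surface as urllib.error.HTTPError.
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def get(self, scopes):
        key = frozenset(scopes)
        cached = self._cache.get(key)
        if cached and self.clock() < cached[1]:
            return cached[0]          # still valid: no call counted against the rate limit
        data = self.post(self.token_url, {
            "clientId": self.client_id,
            "clientSecret": self.client_secret,
            "scopes": sorted(key),
        })
        # Assumption: multiple granted scopes are space-separated, as in RFC 6749.
        granted = set(data.get("scope", "").split())
        if not key <= granted:
            raise PermissionError("token does not carry all requested scopes")
        expiry = self.clock() + data["expires_in"] - self.skew
        self._cache[key] = (data["access_token"], expiry)
        return data["access_token"]
```

Read `client_id` and `client_secret` from the environment or a secret store when constructing the cache rather than embedding them in source.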

Common Errors

400 Bad Request

Invalid request. Check required fields: clientId, clientSecret, scopes.

401 Unauthorized

Invalid client credentials. Check clientId and clientSecret.

429 Too Many Requests

Rate limit exceeded. Maximum 10 requests per minute for token generation.

Body

application/json
clientId
string
required

Client ID of the OAuth application

Example:

"app_1234567890abcdef"

clientSecret
string
required

Client secret of the OAuth application

Example:

"cs_1234567890abcdef"

scopes
array[]
required

OAuth scopes requested

Example:

["read:organization"]

userId
string

User ID for user-specific tokens

Example:

"550e8400-e29b-41d4-a716-446655440000"

Response

Access token generated successfully. Returns token, type (Bearer), expiration time, and granted scopes.