The Token Endpoint

Last updated: March 31, 2020


The token endpoint is used to retrieve an access token, issued by Meveto to your application, on behalf of a logged in user. Once you retrieve a token from this endpoint, your application can then use it to retrieve Meveto ID of the associated user. The details of this endpoint are described below.

Token endpoint

https://prod.meveto.com/oauth/token

Expected payload

The endpoint is expecting a POST HTTP request with the following information.

grant_type

This is the grant type your application is requesting from Meveto servers. The current value of this parameter should always be authorization_code

client_id

This is the ID of your application issued by Meveto. When you register your app with Meveto, you will get an ID.

client_secret

This is the secret key of your application issued by Meveto. This is displayed to you only once right after you complete the registration of your application, and this value can never be retrieved again from Meveto. You must ensure that this value is never compromised, and it must never be used in a file that's part of a git history. Make sure to either use this value in an environment variable inside your application's code or any other similar mechanism.

redirect_uri

This is the redirect URL of your application that you have provided at the time of registration of your application.

code

This is the authorization code that your application received after the authorization request is complete.

Response of the endpoint

The endpoint will return a JSON response with an HTTP code of 200. The response payload will have the following keys:

error

If there's an error with your request to get an access token, then the response will contain this key with value set to invalid_client. Your application must always check for this key as soon as a response is received from the endpoint.

error_description

Additionally, this key will contain a short description of what went wrong when an error occurs with your request.

access_token

If everything with your request goes alright, then this key will contain the actual access token that your application will need, in order to retrieve Meveto ID of the associated user.

expires_in

This key contains the number of seconds from the current time until the access token expires. Your app must make use of the token within this time frame.