The Token Endpoint
Last updated: March 31, 2020
The token endpoint is used to retrieve an access token, issued by Meveto to your application, on behalf of a logged in user. Once you retrieve a token from this endpoint, your application can then use it to retrieve Meveto ID of the associated user. The details of this endpoint are described below.
Token endpoint
https://prod.meveto.com/oauth/token
Expected payload
The endpoint is expecting a POST
HTTP request with the following information.
grant_type
This is the grant type your application is requesting from Meveto servers. The current value of this parameter should always be authorization_code
client_id
This is the ID of your application issued by Meveto. When you register your app with Meveto, you will get an ID.
client_secret
This is the secret key of your application issued by Meveto. This is displayed to you only once right after you complete the registration of your application, and this value can never be retrieved again from Meveto. You must ensure that this value is never compromised, and it must never be used in a file that's part of a git history. Make sure to either use this value in an environment variable inside your application's code or any other similar mechanism.
redirect_uri
This is the redirect URL of your application that you have provided at the time of registration of your application.
code
This is the authorization code that your application received after the authorization request is complete.
Response of the endpoint
The endpoint will return a JSON
response with an HTTP code of 200. The response payload will have the following keys:
error
If there's an error with your request to get an access token, then the response will contain this key with value set to invalid_client.
Your application must always check for this key as soon as a response is received from the endpoint.
error_description
Additionally, this key will contain a short description of what went wrong when an error occurs with your request.
access_token
If everything with your request goes alright, then this key will contain the actual access token that your application will need, in order to retrieve Meveto ID of the associated user.
expires_in
This key contains the number of seconds from the current time until the access token expires. Your app must make use of the token within this time frame.