Develop secure applications with Meveto.

The Token Endpoint

Last updated: March 31, 2020

The token endpoint is used to retrieve an access token, issued by Meveto to your application, on behalf of a logged in user. Once you retrieve a token from this endpoint, your application can then use it to retrieve Meveto ID of the associated user. The details of this endpoint are described below.

Token endpoint

https://prod.meveto.com/oauth/token

Expected payload

The endpoint is expecting a POST HTTP request with the following information.

`grant_type`

This is the grant type your application is requesting from Meveto servers. The current value of this parameter should always be authorization_code

`client_id`

This is the ID of your application issued by Meveto. When you register your app with Meveto, you will get an ID.

`client_secret`

This is the secret key of your application issued by Meveto. This is displayed to you only once right after you complete the registration of your application, and this value can never be retrieved again from Meveto. You must ensure that this value is never compromised, and it must never be used in a file that's part of a git history. Make sure to either use this value in an environment variable inside your application's code or any other similar mechanism.

`redirect_uri`

This is the redirect URL of your application that you have provided at the time of registration of your application.

`code`

This is the authorization code that your application received after the authorization request is complete.

Response of the endpoint

The endpoint will return a JSON response with an HTTP code of 200. The response payload will have the following keys:

`error`

If there's an error with your request to get an access token, then the response will contain this key with value set to invalid_client. Your application must always check for this key as soon as a response is received from the endpoint.

`error_description`

Additionally, this key will contain a short description of what went wrong when an error occurs with your request.

`access_token`

If everything with your request goes alright, then this key will contain the actual access token that your application will need, in order to retrieve Meveto ID of the associated user.

`expires_in`

This key contains the number of seconds from the current time until the access token expires. Your app must make use of the token within this time frame.