Add-ons
Checkout Sessions
Connect
Coupons
Credit Notes
Customers
Events
Metrics
OAuth Apps
Plans
Products
Subscriptions
webhooks
- HOOKAddonarchived webhook
- HOOKAddoncreated webhook
- HOOKAddonupdated webhook
- HOOKCouponarchived webhook
- HOOKCouponcreated webhook
- HOOKCouponupdated webhook
- HOOKCredit notecreated webhook
- HOOKCredit notefinalized webhook
- HOOKCredit notevoided webhook
- HOOKCustomercreated webhook
- HOOKInvoicecreated webhook
- HOOKInvoicefinalized webhook
- HOOKInvoicepaid webhook
- HOOKInvoicevoided webhook
- HOOKMetricarchived webhook
- HOOKMetriccreated webhook
- HOOKMetricupdated webhook
- HOOKPlanarchived webhook
- HOOKPlancreated webhook
- HOOKPlanpublished webhook
- HOOKProductarchived webhook
- HOOKProductcreated webhook
- HOOKProductupdated webhook
- HOOKQuoteaccepted webhook
- HOOKQuoteconverted webhook
- HOOKSubscriptioncreated webhook
Exchange tokens
Copy
curl --request POST \
--url https://api.example.com/api/v1/oauth/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=<string>' \
--data 'client_id=<string>' \
--data 'client_secret=<string>' \
--data 'code=<string>' \
--data 'code_verifier=<string>' \
--data connected_account_id=cacc_7n42DGM5Tflk9n8mt7Fhc7 \
--data 'redirect_uri=<string>' \
--data 'refresh_token=<string>'Copy
{
"access_token": "<string>",
"expires_in": 123,
"token_type": "<string>",
"refresh_token": "<string>",
"scope": "<string>"
}OAuth
Exchange tokens
OAuth 2.0 token endpoint. Supports three grant types:
authorization_code: Exchange an authorization code for tokens (Standard Connect)refresh_token: Refresh an access tokenconnect_account: Mint tokens for an active connected account (Express Connect)
Authenticate via HTTP Basic auth (client_id:client_secret) or body parameters.
POST
/
api
/
v1
/
oauth
/
token
Exchange tokens
Copy
curl --request POST \
--url https://api.example.com/api/v1/oauth/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=<string>' \
--data 'client_id=<string>' \
--data 'client_secret=<string>' \
--data 'code=<string>' \
--data 'code_verifier=<string>' \
--data connected_account_id=cacc_7n42DGM5Tflk9n8mt7Fhc7 \
--data 'redirect_uri=<string>' \
--data 'refresh_token=<string>'Copy
{
"access_token": "<string>",
"expires_in": 123,
"token_type": "<string>",
"refresh_token": "<string>",
"scope": "<string>"
}Body
application/x-www-form-urlencoded
Token request (from POST body, application/x-www-form-urlencoded)
Grant type: "authorization_code", "refresh_token", or "connect_account"
Client ID (if not using HTTP Basic auth)
Client secret (if not using HTTP Basic auth)
Authorization code (for authorization_code grant)
PKCE code verifier (for authorization_code grant with PKCE)
Connected account ID (for connect_account grant)
Example:
"cacc_7n42DGM5Tflk9n8mt7Fhc7"
Redirect URI (for authorization_code grant, must match the one used in /authorize)
Refresh token (for refresh_token grant)
⌘I