API explorerChangelog
API explorer
Changelog

Theme switcher

Exchange Authorization Code

Description: Exchanges an authorization code for an access token. This is the second step of the OAuth 2.0 flow, completed after the user has authenticated and COUNT has redirected back to your application with a code.

Purpose: Allows your backend server to securely retrieve an access token (and optionally a refresh token) using the authorization code returned from COUNT’s authorization screen. This access token is then used to authenticate API requests on behalf of the user.

🔁 Authorization Code Flow Recap

After you initiate the OAuth flow and redirect the user to COUNT’s authorization screen, the user will authenticate and grant consent. Once successful, COUNT redirects the user back to your specified redirectUri with a query parameter named code. This authorization code is short-lived and is used in the next step to obtain an access token.

Header Parameters

Content-Typestring
x-client-idstring Required
x-signaturestring Required
x-timestampstring Required

Body Parameters

grantTypestring
codestring
client_idstring
client_secretstring

Response

200
Object
{ "status": "success", "message": "Success on exchanging access token.", "data": { "result": { "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "refreshToken": "refresh_token_xyz789", "accessTokenExpiresAt": "2026-02-01T10:00:00.000Z", "refreshTokenExpiresAt": "2026-03-01T10:00:00.000Z", "workspaceId": 12345, "workspaceName": "Acme Corporation" } } }

Response Attributes

accessTokenstring Required

A Bearer access token used to authenticate API requests on behalf of the user. Include this in the Authorization header as Bearer when calling protected COUNT APIs.

refreshTokenstring Required

A token used to obtain a new accessToken when the current one expires. Should be securely stored and used only from your backend.

accessTokenExpiresAtstring Required

The ISO 8601 timestamp indicating when the accessToken will expire. After this time, you must use the refreshToken to obtain a new access token.

refreshTokenExpiresAtstring Required

The ISO 8601 timestamp showing when the refreshToken will expire. After this point, the user must re-authenticate via the authorization flow.

workspaceIdstring Required

A unique identifier for the COUNT workspace (organization/account) the user has connected. Use this to scope or associate actions with a specific COUNT account.

workspaceNamestring Required

The human-readable name of the connected COUNT workspace, useful for display in your UI or logs.

Was this section helpful?

What made this section unhelpful for you?

Endpoints

POST

POST

/

Select
1

Response

Was this section helpful?

What made this section unhelpful for you?