Request an access token
POST/oauth/token
Returns an access token for the end user
Request
- application/x-www-form-urlencoded
Body
required
Possible values: [authorization_code, password, refresh_token]
Which grant type to use
authorization_code and refresh_token are used by most clients
password is only available with prior approval from VATSIM
Client ID
Client secret
Redirect URI (must match the one provided in the authorization request)
Authorization code returned in the callback from the server
Required when using the authorization_code grant
Possible values: [full_name, email, vatsim_details, country]
Requested scopes
Required when using the password grant
Optional when using the refresh_token grant
VATSIM ID of the user to authenticate
Required when using the password grant
Password of the user to authenticate
Required when using the password grant
Refresh token issued in the original access token request
Required when using the refresh_token grant
Responses
- 200
- 400
Successful operation
- application/json
- Schema
- Example (from schema)
Schema
Possible values: [Bearer]
Token type
Access token lifetime (secs)
Access token (validity specified in expires_in)
Refresh token (valid for 30 days)
Possible values: [full_name, email, vatsim_details, country]
Granted scopes
{
"token_type": "Bearer",
"expires_in": 604800,
"access_token": "string",
"refresh_token": "string",
"scopes": [
"full_name",
"email",
"vatsim_details",
"country"
]
}
Bad request
- application/json
- Schema
- Example (from schema)
Schema
Possible values: [invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type]
Error code
Human-readable text providing additional information
Human-readable text providing additional information
Troubleshooting hint for the client developer
{
"error": "invalid_request",
"error_description": "string",
"hint": "string"
}