Step 3: Exchange your Authorization Code for an Access Token

After obtaining the authorization code, the next step is to exchange it for an access token. This access token is what you'll use to authenticate API requests to the Nxsys API.

Prerequisites

Before you begin, make sure you have:

  • Client ID
  • Client Secret
  • Authorization Code (obtained from the previous step)
  • Redirect URI
If you don't have these credentials, refer to the Create a Client Application and Obtain Authorization Code sections.

Steps

  1. Prepare the Token Request
    Create a POST request to the token endpoint with the following parameters:
    POST {{nxsys_base_api_url}}/nxsys/oauth/token
Content-Type: application/x-www-form-urlencoded
    Nxsys Base API URL
    Learn more about the Nxsys Base API URL

    Include the following parameters in the request body:
    ParameterDescription
    grantTypeMust be set to authorization_code
    codeThe authorization code received in the previous step
    clientIdYour application's client ID
    clientSecretYour application's client secret
    redirectUriThe same redirect URI used in the authorization request
  2. Send the Request
    Here's an example using cURL:
    curl -X POST {{nxsys_base_api_url}}/nxsys/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grantType=authorization_code" \
  -d "code=YOUR_AUTHORIZATION_CODE" \
  -d "clientId=YOUR_CLIENT_ID" \
  -d "clientSecret=YOUR_CLIENT_SECRET" \
  -d "redirectUri=YOUR_REDIRECT_URI"

    Replace the placeholders with your actual values.
  3. Handle the Response
    If successful, you'll receive a JSON response containing the access token:
    {
  "accessToken": "YOUR_ACCESS_TOKEN",
  "tokenType": "Nxsys-oauthtoken",
  "expiresIn": 3600,
  "refreshToken": "YOUR_REFRESH_TOKEN"
}
    FieldDescription
    accessTokenThe token to use for authenticating API requests
    tokenTypeThe type of token, typically "Nxsys-oauthtoken"
    expiresInThe number of seconds until the access token expires
    refreshTokenA token used to obtain a new access token when it expires
Store the access token and refresh token securely. Never expose them in client-side code or public repositories.

Using the Access Token

To use the access token in your API requests, include it in the Authorization header:

Authorization: Nxsys-oauthtoken YOUR_ACCESS_TOKEN

Replace YOUR_ACCESS_TOKEN with the actual access token you received.

Table of Contents