Headers
Required only for Sandbox API requests; to get one, please sign up to the Developer Portal.
Body
Unique identifier of your application. Please sign up to the Developer Portal to get one.
"475670cc-e41a-4baa-8eb6-4329af7d1450"
Secret of your application. Please sign up to the Developer Portal to get one.
"this-is-my-amazing-secret"
Type of token you are providing to generate your access token.
- If you are creating your first set of tokens: authorization_code
- If you are refreshing an existing access token: refresh_token
"authorization_code"
URI to which the Qonto user will be redirected back after they have accepted the connection of your application with their account.
This value is used here for verification purposes in case you provided multiple redirect_uri values.
Use this parameter when creating your first set of tokens.
"https://my-company-server.com"
Temporary authorization code received on the redirect_uri.
Keep in mind that this code is only valid for 10 minutes.
Use this parameter to create your first set of tokens.
"ory_ac_lY8t9YfHv3N2tLEKFfgL5_XADs2sbcxVGcYPbneMAAo.w-9CyjAz0DB-_3q2s5ZpYk-oFEUCBcMTU_s5iy07CA0"
Last refresh token. Use this parameter to refresh an existing access token.
Please note that your refresh token remains valid within a grace period of 60 seconds after its first usage, allowing multiple usages without immediate invalidation. When the grace period ends, the refresh token will be invalidated. This can be beneficial in scenarios where network issues or delayed token exchanges may otherwise disrupt session continuity.
"ory_rt_7kRxfEQzaBuL9RRSusC_vKRUNmtr1jdUC_i2NORdmZU.Ze-WLB5gZa7UIbhHSgv3KCpqvJHMZHUn6hgc1XOGoRU"
Response
Returns the set of tokens created. If you are receiving an HTML response, please make sure you've included the X-Qonto-Staging-Token header in your request.
Bearer token to use in the Authorization header of your API requests. This token is valid for 1 hour.
"ory_at_2-ocNFHnqdPjEOs9FdHMf6jKO4VNTVvLp3zChWVItoY.CaKVRy-plm-pr2mKk22Nt3ThgVjHmfkrolgTmMapvCI"
Access token lifespan in seconds.
3600
List of scopes granted to your application.
"offline_access organization.read"
Type of token you have requested. It will always be bearer.
"bearer"
Token to exchange for a new access_token when the current one reaches its end of life.
This token is valid for 90 days.
☝️ To receive the refresh token, you need to use the offline_access scope when retrieving an authorization code.
"ory_rt_7kRxfEQzaBuL9RRSusC_vKRUNmtr1jdUC_i2NORdmZU.Ze-WLB5gZa7UIbhHSgv3KCpqvJHMZHUn6hgc1XOGoRU"
JSON Web Token that contains information about the user and the session. It can be digitally verified by your application to create a session. This token is valid for 1 hour.
☝️ To receive the ID token, you need to use the openid scope when retrieving an authorization code.
"eyJhbGciOiJSUzI1NiIsImtpZCI6InByaXZhdGU6NzY4ZTk0OTYtMmJlOS00OTg4LTllNzUtZTU2NTEwODI5YzhjIiwidHlwIjoiSldUIn0.eyJhdF9oYXNoIjoiYVJUdFZBbndFX0RDblhSa1hhMnhxQSIsImF1ZCI6WyJsb2NhbGhvc3QtdGVzdC1jbGllbnQtYXBwIl0sImF1dGhfdGltZSI6MTc2MDAyMDQzMSwiZW1haWwiOiJvd25lckBxb250by5ldSIsImV4cCI6MTc2MDAyNDA4MywiaWF0IjoxNzYwMDIwNDgzLCJpc3MiOiJodHRwczovL29hdXRoLXNhbmRib3guc3RhZ2luZy5xb250by5jbyIsImp0aSI6IjBlYjQ3YjczLTI1NzgtNDQ3NC05MjNhLWQ3ZmQ4NTQ1NzJiYyIsInJhdCI6MTc2MDAyMDM1Mywic2lkIjoiZmYxYTY0MjgtOTdkZi00Yzc4LWJjOTgtM2JjMjVlNjM1MmQwIiwic3ViIjoiMDE5NjVkYzQtZmMxZi03ODc0LTgzYjQtYjU1MjhiZWEwYThkIn0.N2M3LiDbNvA115Foed1YVJ8mqr_mq_8-gmAJ6FkhWyx45gpUpeKji4U0lWbh3sYN1cd90aSwhZnrxxTxVsJAo6pvbWkw0ghzMasmltqAbxttPW-GgfieUh1ipbgE7ekmNPT6Op_qAU_E5OhZDKd01HC07on5FdVkdHeZGSN0ahZ4MezlmYA85Ig_qDM-7hW0DQhlATRuYpatl5hIE_7oiGsTrcsUgNYxoIILOCSP_FhHGJRtKah1wVqRhPu5fQG277mOTugI463yMDzAJMRgptEfpA02whnB6tycXKNfRDdFbYS1jxKzwSFTX3QAmhDWWJl4fgyAYe3ur_pD9jqlb9hpZwXFThJzfxyvKkPwiZjaVmWZi1dAhAzE2jZH6ktwimVbDjI3uWiOwz10AsYoTpZXf17jJRrR7bzj_ayYlh1G3JfIEPgiK4QkekWcV9uerWS_9ziyPqVOZw-sBEGZC19JcvMW1pzlK9az9aTKekBmzmCdXw9ankc_-1rfd9rB2oco_-_Vh9hKk5jHExHk0GZ1C48C-UZd7iB0VpQC7R_93gvHk3crIvyPqcZQl7PPBoqYK9thuliLpCkPhJ_nYX-2RDUfeI6wHL26hklCU3t-N-SAecZ34WBkk9S30cvY333HPZi1lNxEptc0obmjCMCYcSg0Sr_Ctk9Z8nXrMEU"
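The two grant types and the token lifetimes described above can be handled client-side as in the following added example, which is not part of the original page or of Qonto's own code. It assumes the standard OAuth 2.0 field names (`client_id`, `client_secret`, `grant_type`, `code`, `expires_in`, `scope`, `token_type`) and a form-encoded body; `build_token_body`, `TokenStore` and `REFRESH_MARGIN` are hypothetical names, and no request is sent.

```python
import time
from urllib.parse import urlencode

REFRESH_MARGIN = 60  # assumed safety margin (seconds) before access-token expiry

def build_token_body(client_id, client_secret, *, code=None,
                     redirect_uri=None, refresh_token=None):
    """Form-encode the request body for exactly one of the two grant types."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    body = {"client_id": client_id, "client_secret": client_secret}
    if code is not None:
        body.update(grant_type="authorization_code", code=code)
        if redirect_uri:  # verified server-side against the registered URIs
            body["redirect_uri"] = redirect_uri
    else:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    return urlencode(body)

class TokenStore:
    """Holds the current token set and decides when a refresh is due."""
    def __init__(self):
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0
        self.scopes = set()

    def update(self, response, now=None):
        if response.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.expires_at = now + int(response["expires_in"])
        self.scopes = set(response.get("scope", "").split())
        # A used refresh token is invalidated once its grace period ends,
        # so always persist the one that came with this response.
        if "refresh_token" in response:
            self.refresh_token = response["refresh_token"]

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self.access_token is None or now >= self.expires_at - REFRESH_MARGIN

    def can_refresh(self):
        # A refresh token is only issued when offline_access was requested.
        return self.refresh_token is not None
```

Keep the body out of logs, since it carries the application secret, and serialise refreshes so that two workers do not both depend on the 60-second grace period.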