> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aisync.link/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate Token

> Exchange authorization code for access token and refresh token. This endpoint is used after receiving the authorization code from the authorize endpoint.

## Generate Token

Exchange the authorization code for an access token and refresh token. This endpoint is used after receiving the authorization code from the authorize endpoint.

<ParamField body="form" path="code" type="string" required>
  The authorization code received from the authorize endpoint
</ParamField>

<ParamField body="form" path="client_id" type="string" required>
  Your OAuth client ID
</ParamField>

<ParamField body="form" path="client_secret" type="string" required>
  Your OAuth client secret (keep this secure!)
</ParamField>

<ParamField body="form" path="grant_type" type="string" required>
  Must be set to `authorization_code` for this flow
</ParamField>

<ParamField body="form" path="redirect_uri" type="string" required>
  The same redirect URI used in the authorization request
</ParamField>

<CodeGroup>
  ```bash cURL theme={null}
  curl --location 'https://app.aisync.link/oauth/token' \
    --form 'code="{{code}}"' \
    --form 'client_id="{{client_id}}"' \
    --form 'client_secret="{{client_secret}}"' \
    --form 'grant_type="authorization_code"' \
    --form 'redirect_uri="{{redirect_uri}}"'
  ```
</CodeGroup>

<ResponseField name="access_token" type="string">
  The access token to use for API requests. Include this in the Authorization header as `Bearer {access_token}`.
</ResponseField>

<ResponseField name="refresh_token" type="string">
  Token used to obtain a new access token when it expires. Store this securely.
</ResponseField>

<ResponseField name="token_type" type="string">
  The type of token, typically `Bearer`
</ResponseField>

<ResponseField name="expires_in" type="integer">
  The number of seconds until the access token expires
</ResponseField>

<Warning>
  Store your refresh token securely. You'll need it to get new access tokens without requiring user re-authorization.
</Warning>


## OpenAPI

````yaml POST /oauth/token
openapi: 3.1.0
info:
  title: AI Sync OAuth API
  description: OAuth 2.0 API for authenticating and authorizing third-party applications
  version: 1.0.0
servers:
  - url: https://app.aisync.link
    description: Production server
security: []
paths:
  /oauth/token:
    post:
      tags:
        - OAuth
      summary: Generate Token
      description: >-
        Exchange authorization code for access token and refresh token. This
        endpoint is used after receiving the authorization code from the
        authorize endpoint.
      operationId: generateToken
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
                - code
                - client_id
                - client_secret
                - grant_type
                - redirect_uri
              properties:
                code:
                  type: string
                  description: The authorization code received from the authorize endpoint
                client_id:
                  type: string
                  description: Your OAuth client ID
                client_secret:
                  type: string
                  description: Your OAuth client secret
                  format: password
                grant_type:
                  type: string
                  enum:
                    - authorization_code
                  description: Must be set to 'authorization_code' for this flow
                  default: authorization_code
                redirect_uri:
                  type: string
                  format: uri
                  description: The same redirect URI used in the authorization request
      responses:
        '200':
          description: Token response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        '400':
          description: Invalid request or expired code
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Invalid client credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
components:
  schemas:
    TokenResponse:
      type: object
      properties:
        access_token:
          type: string
          description: The access token to use for API requests
        refresh_token:
          type: string
          description: Token used to obtain a new access token when it expires
        token_type:
          type: string
          description: The type of token, typically 'Bearer'
          default: Bearer
        expires_in:
          type: integer
          description: The number of seconds until the access token expires
      required:
        - access_token
        - token_type
        - expires_in
    Error:
      type: object
      properties:
        error:
          type: string
          description: Error code
        error_description:
          type: string
          description: Human-readable error description
        message:
          type: string
          description: Error message
      required:
        - error

````