> ## Documentation Index
> Fetch the complete documentation index at: https://tyk.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth Token Endpoint

> Exchanges an authorization code for an access token.



## OpenAPI

````yaml /swagger/5.12/ai-studio-swagger.yml post /oauth/token
openapi: 3.0.1
info:
  title: Midsommar API
  description: This is the API for the Midsommar user and group management system.
  termsOfService: http://swagger.io/terms/
  contact:
    name: API Support
    url: http://www.swagger.io/support
    email: support@swagger.io
  license:
    name: Apache 2.0
    url: http://www.apache.org/licenses/LICENSE-2.0.html
  version: '1.0'
servers:
  - url: //localhost:8080/api/v1
security: []
paths:
  /oauth/token:
    post:
      tags:
        - oauth
      summary: OAuth Token Endpoint
      description: Exchanges an authorization code for an access token.
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              required:
                - client_id
                - code
                - code_verifier
                - grant_type
                - redirect_uri
              type: object
              properties:
                grant_type:
                  type: string
                  description: Must be 'authorization_code'
                code:
                  type: string
                  description: Authorization code
                redirect_uri:
                  type: string
                  description: Redirect URI used in authorization request
                client_id:
                  type: string
                  description: Client ID
                client_secret:
                  type: string
                  description: >-
                    Client Secret (for confidential clients using
                    client_secret_post)
                code_verifier:
                  type: string
                  description: PKCE Code Verifier
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api.AccessTokenResponse'
        '400':
          description: e.g., invalid_request, invalid_grant
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api.OAuthErrorResponse'
        '401':
          description: e.g., invalid_client
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api.OAuthErrorResponse'
components:
  schemas:
    api.AccessTokenResponse:
      type: object
      properties:
        access_token:
          type: string
        expires_in:
          type: integer
          description: In seconds
        refresh_token:
          type: string
        scope:
          type: string
        token_type:
          type: string
    api.OAuthErrorResponse:
      type: object
      properties:
        error:
          type: string
        error_description:
          type: string
        error_uri:
          type: string

````