
The availability of features may depend on your plan type. Contact your Customer Success Manager if you have any questions.


Authorization code

This topic describes how to exchange an authorization code for an access token on Optimizely's authorization server.

After you obtain an authorization code, you can exchange this authorization code for an access token by issuing an HTTPS POST request to Optimizely's authorization server.

The following examples show a request and a successful response. The response includes an access token (with a lifetime of two hours) and a refresh token that can be used to request more access tokens after the initial access token expires.

Definitions

  • code – The authorization code returned in the redirect.
  • client_id – The client ID for your application (see app settings).
  • client_secret – The client secret for your application (see app settings).
  • redirect_uri – The redirect URI used when requesting the authorization code.
  • grant_type – Defined in the OAuth 2.0 spec, this field must contain a value of authorization_code.

Example POST request

POST https://app.optimizely.com/oauth2/token
  ?code=asdbawejksd
  &client_id=123
  &client_secret=iamverysecret
  &redirect_uri=http%3A%2F%2Fmyapplication.com
  &grant_type=authorization_code

Example JSON response

{
  "access_token": "abcdefghijklmnopqrstuvwxyz",
  "expires_in": 7200,
  "token_type": "bearer",
  "refresh_token": "1234567890abcdefghijklmnopqrstuvwxyz"
}
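
The exchange above in Python, as an added example that is not Optimizely's own code: it builds the token request, validates the response fields shown above, and tracks the two-hour expiry so the refresh token is used in time. It assumes the endpoint accepts the parameters form-encoded in the POST body (RFC 6749 section 4.1.3), which keeps client_secret out of URLs and access logs; the function names are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://app.optimizely.com/oauth2/token"  # endpoint from the page


def build_token_request(code, client_id, client_secret, redirect_uri):
    # Assumption: parameters go in the form-encoded body (RFC 6749 s4.1.3),
    # not the query string, so the secret never appears in a logged URL.
    body = urllib.parse.urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the authorization request
        "grant_type": "authorization_code",
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw, now=None):
    """Validate the JSON response and compute an absolute expiry time."""
    data = json.loads(raw)
    missing = {"access_token", "expires_in", "token_type", "refresh_token"} - set(data)
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type: {data['token_type']!r}")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data["refresh_token"],
            "expires_at": now + int(data["expires_in"])}


def needs_refresh(token, now=None, skew=60):
    """True when the access token is within `skew` seconds of expiring."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - skew


# Constructed sample: the response body shown on the page.
SAMPLE = ('{"access_token": "abcdefghijklmnopqrstuvwxyz", "expires_in": 7200, '
          '"token_type": "bearer", "refresh_token": "1234567890abcdefghijklmnopqrstuvwxyz"}')
```

Send the request with `urllib.request.urlopen(req)` and pass the response body to `parse_token_response`; store the refresh token with the same care as the client secret.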