
Authorization code

This topic describes how to exchange an authorization code for an access token on Optimizely's authorization server.

After you obtain an authorization code, you can exchange this authorization code for an access token by issuing an HTTPS POST request to Optimizely's authorization server.

The examples below show a request and a successful response. The response includes an access token (with a lifetime of two hours) and a refresh token that you can use to request more access tokens after the initial access token expires.


  • code – The authorization code returned in the redirect.
  • client_id – The client ID for your application (see app settings).
  • client_secret – The client secret for your application (see app settings).
  • redirect_uri – The redirect URI used when requesting the authorization code.
  • grant_type – Defined in the OAuth 2.0 spec, this field must contain a value of authorization_code.
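
The exchange described above, as an added Python sketch that is not Optimizely's own sample code: it builds the POST with the five parameters, refuses a non-HTTPS endpoint, and validates the token response before use. Assumptions: `TOKEN_URL` is a placeholder because this page does not show the endpoint, the server is assumed to accept the parameters as a form-encoded body (as the OAuth 2.0 spec defines for token requests), and the function names and the 60-second refresh margin are illustrative.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder (assumption): the token endpoint URL is not shown on this page.
TOKEN_URL = "https://AUTH-SERVER.example/TOKEN-ENDPOINT"


def build_token_request(token_url, code, client_id, client_secret, redirect_uri):
    """Build the HTTPS POST that exchanges an authorization code for tokens."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be HTTPS")
    # Send the parameters in the form-encoded body so the client secret and
    # the code do not end up in URLs, access logs or proxy logs.
    body = urllib.parse.urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the one used to get the code
        "grant_type": "authorization_code",
    }).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def parse_token_response(raw, now=None):
    """Validate the JSON response and compute when to refresh the token."""
    tok = json.loads(raw)
    required = {"access_token", "expires_in", "token_type", "refresh_token"}
    if not isinstance(tok, dict) or required - set(tok):
        raise ValueError("token response is missing required fields")
    if str(tok["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # Refresh 60 s early (illustrative margin) to avoid using an expiring token.
    tok["refresh_at"] = now + int(tok["expires_in"]) - 60
    return tok


def exchange_code(code, client_id, client_secret, redirect_uri, token_url=TOKEN_URL):
    """Perform the exchange; urlopen verifies the server certificate by default."""
    req = build_token_request(token_url, code, client_id, client_secret, redirect_uri)
    # Never log req.data or the parsed tokens: both contain secrets.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Store the refresh token with the same care as the client secret, since it can be used to obtain new access tokens.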

Example POST request


Example JSON response

{
  "access_token": "abcdefghijklmnopqrstuvwxyz",
  "expires_in": 7200,
  "token_type": "bearer",
  "refresh_token": "1234567890abcdefghijklmnopqrstuvwxyz"
}