OAuth Token Endpoint
Endpoint for receiving access, ID, and refresh tokens from Bolt’s OAuth server.
To use this endpoint, first complete the Authorization Code Request flow using the authorization_code Grant Type (grant_type). If you then need a second or subsequent code, pass the refresh_token value returned from a successful request as the refresh_token input value in a request that uses the refresh_token Grant Type (grant_type).
Reminder: the Content-Type of this request must be application/x-www-form-urlencoded.
Authorizations
Admins and Developers can obtain their Bolt API key from the Bolt Merchant Dashboard.
Headers
The publicly viewable identifier used to identify a merchant division. This key is found in the Developer > API section of the Bolt Merchant Dashboard [RECOMMENDED].
Body
- Authorization Code Request
- Refresh Token Request
Merchant publishable key, which can be found in the merchant dashboard.
Your Bolt API Key.
Fetched value using OTP value from the Authorization Modal.
The type of OAuth 2.0 grant being utilized.
The value will always be authorization_code when exchanging an authorization code for an access token.
Allowed value: authorization_code
The scope issued to the merchant when receiving an authorization code. Options include bolt.account.manage, bolt.account.view, openid. You can find more information on these options in our OAuth scope documentation.
Allowed values: bolt.account.manage, bolt.account.view, openid
A randomly generated string issued to the merchant when receiving an authorization code, used to prevent CSRF attacks.
Response
OAuth token response.
An access token you can use to make requests on behalf of a Bolt Account.
Access token’s expiration in seconds.
A JWT token issued when the request includes the scope open_id.
A refresh token you can use to issue a brand new access token without obtaining a new authorization code.
The scope granted to the refresh token. Currently this will always be bolt.account.view.
The scope granted to the access token, depending on the scope granted to the authorization code as well as the scope parameter. Options include bolt.account.manage, bolt.account.view, openid.
The token_type will always be bearer.
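The two request bodies and the response checks described above, as an added Python example that is not Bolt's own code. The field names client_id, client_secret, code, state, access_token and expires_in, and the space-delimited scope string, are assumptions taken from standard OAuth 2.0 (RFC 6749) because this page does not list them; the function names are hypothetical.

```python
import hmac
from urllib.parse import urlencode

# Scope options listed on this page.
ALLOWED_SCOPES = {"bolt.account.manage", "bolt.account.view", "openid"}
# The page requires this Content-Type for the token request.
HEADERS = {"Content-Type": "application/x-www-form-urlencoded"}


def _creds(publishable_key, api_key):
    # Assumed RFC 6749 field names for the publishable key and the API key.
    return {"client_id": publishable_key, "client_secret": api_key}


def code_request_body(publishable_key, api_key, code, scopes, state, issued_state):
    """Form body for the authorization_code grant; refuses a mismatched state."""
    # CSRF check: the state that came back must equal the one we generated.
    if not hmac.compare_digest(state.encode(), issued_state.encode()):
        raise ValueError("state mismatch: do not exchange the code")
    unknown = set(scopes) - ALLOWED_SCOPES
    if unknown:
        raise ValueError(f"unsupported scope(s): {sorted(unknown)}")
    return urlencode({**_creds(publishable_key, api_key), "code": code,
                      "grant_type": "authorization_code",
                      "scope": " ".join(scopes), "state": state})


def refresh_request_body(publishable_key, api_key, refresh_token):
    """Form body for the refresh_token grant, using the stored refresh token."""
    return urlencode({**_creds(publishable_key, api_key),
                      "grant_type": "refresh_token",
                      "refresh_token": refresh_token})


def check_token_response(resp, requested_scopes):
    """Validate a parsed JSON token response before storing or using it."""
    if str(resp.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not resp.get("access_token") or int(resp.get("expires_in", 0)) <= 0:
        raise ValueError("missing access token or expiry")
    granted = set(str(resp.get("scope", "")).split())
    if not granted or not granted <= set(requested_scopes):
        raise ValueError("granted scope is empty or exceeds what was requested")
    return granted
```

Send either body with `HEADERS` to the token endpoint URL from your Bolt environment, and keep the API key and refresh token server-side only.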