Token Endpoint
Exchange authorization code for access tokens.
POST https://api.prefid.dev/oauth/token
Authorization Code Grant
curl -X POST "https://api.prefid.dev/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "code=AUTH_CODE" \
-d "redirect_uri=https://yourapp.com/callback" \
-d "code_verifier=PKCE_VERIFIER"
Parameters
| Parameter | Type | Required | Description |
|---|
grant_type | string | Yes | Must be authorization_code |
client_id | string | Yes | Your OAuth client ID |
client_secret | string | Yes | Your OAuth client secret |
code | string | Yes | Authorization code from redirect |
redirect_uri | string | Yes | Must match registered URI |
code_verifier | string | Yes | PKCE code verifier |
Refresh Token Grant
curl -X POST "https://api.prefid.dev/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=refresh_token" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "refresh_token=prefid_rt_xxxxx"
Token Introspection
Check if a token is valid.
curl -X POST "https://api.prefid.dev/oauth/introspect" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic BASE64(client_id:client_secret)" \
-d "token=prefid_at_xxxxx"
Token Revocation
Revoke an access or refresh token.
curl -X POST "https://api.prefid.dev/oauth/revoke" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic BASE64(client_id:client_secret)" \
-d "token=prefid_rt_xxxxx" \
-d "token_type_hint=refresh_token"
User Info
Get information about the authenticated user.
curl -X GET "https://api.prefid.dev/oauth/userinfo" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
