Skip to main content
Exchange for access_token (authorization_code or refresh_token)
curl --request POST \
  --url https://formhug.ai/api/v1/oauth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "<string>",
  "client_secret": "<string>",
  "code": "<string>",
  "code_verifier": "<string>",
  "redirect_uri": "<string>",
  "refresh_token": "<string>"
}
'
{
  "access_token": "<string>",
  "token_type": "Bearer",
  "expires_in": 86400,
  "refresh_token": "<string>",
  "refresh_expires_in": 2592000,
  "scope": "form:read entry:read"
}

Body

application/json
grant_type
enum<string>
required

Grant type

Available options:
authorization_code,
refresh_token
client_id
string
required
client_secret
string
required
code
string

Required when grant_type=authorization_code

code_verifier
string

Required when grant_type=authorization_code; matches the PKCE code_challenge

redirect_uri
string

Required when grant_type=authorization_code; must match the value sent to /authorize

refresh_token
string

Required when grant_type=refresh_token

Response

Tokens issued

access_token
string
required

JWT access token

token_type
string
required
Example:

"Bearer"

expires_in
integer
required

access_token lifetime in seconds

Example:

86400

refresh_token
string
required
refresh_expires_in
integer
required

refresh_token lifetime in seconds

Example:

2592000

scope
string
required

Space-separated list of scopes

Example:

"form:read entry:read"

Last modified on May 14, 2026