The token endpoint is used in third-party apps to obtain Karhoo access tokens by presenting its authorization grant or a refresh token (the prerequisite for using this endpoint is being in possession of either an authorization code or a refresh token).
Primary purpose of this endpoint is to finish the 2-legged authorization process initiated from the /oauth/v2/authorize endpoint. The token endpoint should be called with
grant_type=authorization_code and the
code received as a query parameter to your
Refreshing the token
Secondary purpose of this endpoint is to refresh expired access tokens. When an access token expires, the token endpoint should be called with
grant_type=refresh_token and the
refresh_token obtained previously from either the authorization code flow or the token exchange flow. This allows you to obtain a new access token without being forced to reauthenticate with your username/password or an external token.
In order to use this endpoint your application must be registered within Karhoo auth service as a valid client (assigned with a
This endpoint is compliant with the OAuth 2.0 Authorization Framework spec.