The token endpoint is used in third-party apps to obtain Karhoo access tokens by presenting its authorization grant or a refresh token (the prerequisite for using this endpoint is being in possession of either an authorization code or a refresh token).
Authorization code
Primary purpose of this endpoint is to finish the 2-legged authorization process initiated from the /oauth/v2/authorize endpoint. The token endpoint should be called with grant_type=authorization_code and the code received as a query parameter to your redirect_uri.
Refreshing the token
Secondary purpose of this endpoint is to refresh expired access tokens. When an access token expires, the token endpoint should be called with grant_type=refresh_token and the refresh_token obtained previously from either the authorization code flow or the token exchange flow. This allows you to obtain a new access token without being forced to reauthenticate with your username and password/an external token.
In order to use this endpoint your application must be registered within Karhoo auth service as a valid client (assigned with a client_id).
This endpoint is compliant with the OAuth 2.0 Authorization Framework spec.