Authorization code

After you obtain an authorization code, you can exchange it for an access token by issuing an HTTPS POST request to Optimizely's authorization server.

The examples below show a request and a successful response. The response includes an access token (with a lifetime of two hours) as well as a refresh token that can be used to request more access tokens after the initial access token expires.

Definitions

  • code – The authorization code returned in the redirect.
  • client_id – The client ID for your application (see app settings).
  • client_secret – The client secret for your application (see app settings).
  • redirect_uri – The redirect URI used when requesting the authorization code.
  • grant_type – Defined in the OAuth 2.0 spec; this field must contain the value authorization_code.

Example POST request

POST https://app.optimizely.com/oauth2/token
  ?code=asdbawejksd
  &client_id=123
  &client_secret=iamverysecret
  &redirect_uri=http%3A%2F%2Fmyapplication.com
  &grant_type=authorization_code

Example JSON response

{
  "access_token": "abcdefghijklmnopqrstuvwxyz",
  "expires_in": 7200,
  "token_type": "bearer",
  "refresh_token": "1234567890abcdefghijklmnopqrstuvwxyz"
}
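
Added example (not part of Optimizely's documentation): a Python sketch that builds the token request in the query-string form shown above, masks the code and client_secret before the URL is logged, and validates the JSON response while turning expires_in into an absolute expiry time. The function names and the SENSITIVE set are assumptions made for this example; the sample values are the ones used on this page.

```python
import json
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_ENDPOINT = "https://app.optimizely.com/oauth2/token"  # endpoint from the page
SENSITIVE = {"code", "client_secret"}  # assumption: values that must never reach logs
REQUIRED = {"access_token", "expires_in", "token_type", "refresh_token"}


def build_token_url(code, client_id, client_secret, redirect_uri):
    """Return the POST URL in the query-string form the page documents."""
    params = {
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # urlencode() percent-encodes this value
        "grant_type": "authorization_code",
    }
    return TOKEN_ENDPOINT + "?" + urlencode(params)


def redact_url(url):
    """Mask sensitive query values so the URL is safe to write to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def parse_token_response(body, now=None):
    """Validate the JSON response; return the tokens plus an absolute expiry."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    missing = REQUIRED - set(data)
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if str(data["token_type"]).lower() != "bearer":
        raise ValueError(f"unexpected token_type: {data['token_type']!r}")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data["refresh_token"],
            "expires_at": now + int(data["expires_in"])}  # refresh before this time


# Constructed sample input, reusing the example values from this page.
SAMPLE_URL = build_token_url("asdbawejksd", "123", "iamverysecret",
                             "http://myapplication.com")
SAMPLE_BODY = ('{"access_token": "abcdefghijklmnopqrstuvwxyz", "expires_in": 7200, '
               '"token_type": "bearer", "refresh_token": "1234567890abcdefghijklmnopqrstuvwxyz"}')
```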