Exchange Code

POST /api/v1/oauth2/exchange

Exchange a single-use code or refresh token for access + refresh tokens.

Called from the SPA — no client credentials required. The code was already authenticated when created via POST /oauth2/token.

Code exchange: Provide code from the /token response. Token refresh: Provide refresh_token from a previous exchange.

Operation ID: exchange_code_api_v1_oauth2_exchange_post · View as markdown · OpenAPI slice

Authentication

Bearer token authentication. Pass your DayZero API token in the Authorization header and the target business UUID in x-business-id.

Responses

200 Successful Response

Schema: OAuthTokenResponse

access_token string required: The access token (JWT)
token_type string: Token type (always 'Bearer')
expires_in integer required: Access token lifetime in seconds
refresh_token string: Refresh token for obtaining new access tokens
scope string: Granted scope (may differ from requested)

422 Validation Error

Schema: HTTPValidationError

detail array · ValidationError ValidationError

5 fields

loc array · string | integer required
msg string required
type string required
input object
ctx object

Code samples

POST /api/v1/oauth2/exchange

bash

curl -X POST 'https://api.ondayzero.com/api/v1/oauth2/exchange' \
  -H 'Authorization: Bearer dz_your_token' \
  -H 'x-business-id: YOUR_BUSINESS_ID' \
  -H 'Content-Type: application/json' \
  -d ''

javascript

const response = await fetch('https://api.ondayzero.com/api/v1/oauth2/exchange', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer dz_your_token',
    'x-business-id': 'YOUR_BUSINESS_ID',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({}),
});
const data = await response.json();

python

import httpx

headers = {
    "Authorization": "Bearer dz_your_token",
    "x-business-id": "YOUR_BUSINESS_ID",
}

payload = {}

response = httpx.post("https://api.ondayzero.com/api/v1/oauth2/exchange", headers=headers, json=payload)
data = response.json()