Exchange Code

POST/api/v1/oauth2/exchange

Exchange a single-use code or refresh token for access + refresh tokens.

Called from the SPA — no client credentials required. The code was already authenticated when created via POST /oauth2/token.

Code exchange: Provide code from the /token response. Token refresh: Provide refresh_token from a previous exchange.

Operation ID: exchange_code_api_v1_oauth2_exchange_post·View as markdown·OpenAPI slice

Authentication

Bearer token authentication. Pass your DayZero API token in the Authorization header and the target business UUID in x-business-id.

Responses

200Successful Response

Schema: OAuthTokenResponse

access_tokenstringrequired: The access token (JWT)
token_typestring: Token type (always 'Bearer')
expires_inintegerrequired: Access token lifetime in seconds
refresh_tokenstring: Refresh token for obtaining new access tokens
scopestring: Granted scope (may differ from requested)

422Validation Error

Schema: HTTPValidationError

detailarray · ValidationErrorValidationError

5 fields

locarray · string | integerrequired
msgstringrequired
typestringrequired
inputobject
ctxobject

Code samples

POST/api/v1/oauth2/exchange

bash

curl -X POST 'https://api.ondayzero.com/api/v1/oauth2/exchange' \
  -H 'Authorization: Bearer dz_your_token' \
  -H 'x-business-id: YOUR_BUSINESS_ID' \
  -H 'Content-Type: application/json' \
  -d ''