Now that you have an Authorization Code, you must exchange it for tokens. Using the extracted Authorization Code (code) from the previous step, you will need to POST to the token URL:

curl --request POST \
  --url \
  --header 'content-type: application/json' \
  --data '{"client_id":"YOUR_CLIENT_ID","client_secret":"YOUR_CLIENT_SECRET","audience":"","grant_type":"authorization_code","redirect_uri":"YOUR_REDIRECT_URL","code":"YOUR_CODE"}'
client_idYour client ID.
client_secretYour client secret.
audienceThis should be set to ''.
grant_typeThis should be set to 'authorization_code'.
redirect_uriThis should be the same 'redirect_uri' used in the Authorize user step.
codeThe code obtained in the previous Authorize user step.

If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, refresh_token, and token_type values:

  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "token_type": "Bearer",
  "expires_in": 86400