Exchange authorization code or refresh token for access token
curl --request POST \
--url https://api.fourthwall.com/open-api/v1.0/platform/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=app_12345 \
--data grant_type=authorization_code \
--data 'client_secret=<string>' \
--data redirect_uri=https://example.com/callback \
--data 'code=<string>' \
--data 'refresh_token=<string>' \
--data 'code_verifier=<string>'import requests
url = "https://api.fourthwall.com/open-api/v1.0/platform/token"
payload = {
"client_id": "app_12345",
"grant_type": "authorization_code",
"client_secret": "<string>",
"redirect_uri": "https://example.com/callback",
"code": "<string>",
"refresh_token": "<string>",
"code_verifier": "<string>"
}
headers = {"Content-Type": "application/x-www-form-urlencoded"}
response = requests.post(url, data=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
client_id: 'app_12345',
grant_type: 'authorization_code',
client_secret: '<string>',
redirect_uri: 'https://example.com/callback',
code: '<string>',
refresh_token: '<string>',
code_verifier: '<string>'
})
};
fetch('https://api.fourthwall.com/open-api/v1.0/platform/token', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.fourthwall.com/open-api/v1.0/platform/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E",
CURLOPT_HTTPHEADER => [
"Content-Type: application/x-www-form-urlencoded"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.fourthwall.com/open-api/v1.0/platform/token"
payload := strings.NewReader("client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.fourthwall.com/open-api/v1.0/platform/token")
.header("Content-Type", "application/x-www-form-urlencoded")
.body("client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.fourthwall.com/open-api/v1.0/platform/token")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/x-www-form-urlencoded'
request.body = "client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E"
response = http.request(request)
puts response.read_body{}{
"code": "OPEN_API_TOO_MANY_REQUESTS",
"title": "Too many requests",
"status": 429
}Platform Token
Exchange Token
Rate limit: 100 requests / 10 seconds per shop. See Rate limiting.
OAuth 2.0 token endpoint. Supports ‘authorization_code’ grant type for exchanging authorization codes for tokens, and ‘refresh_token’ grant type for refreshing access tokens.
POST
/
open-api
/
v1.0
/
platform
/
token
Exchange authorization code or refresh token for access token
curl --request POST \
--url https://api.fourthwall.com/open-api/v1.0/platform/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=app_12345 \
--data grant_type=authorization_code \
--data 'client_secret=<string>' \
--data redirect_uri=https://example.com/callback \
--data 'code=<string>' \
--data 'refresh_token=<string>' \
--data 'code_verifier=<string>'import requests
url = "https://api.fourthwall.com/open-api/v1.0/platform/token"
payload = {
"client_id": "app_12345",
"grant_type": "authorization_code",
"client_secret": "<string>",
"redirect_uri": "https://example.com/callback",
"code": "<string>",
"refresh_token": "<string>",
"code_verifier": "<string>"
}
headers = {"Content-Type": "application/x-www-form-urlencoded"}
response = requests.post(url, data=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
client_id: 'app_12345',
grant_type: 'authorization_code',
client_secret: '<string>',
redirect_uri: 'https://example.com/callback',
code: '<string>',
refresh_token: '<string>',
code_verifier: '<string>'
})
};
fetch('https://api.fourthwall.com/open-api/v1.0/platform/token', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.fourthwall.com/open-api/v1.0/platform/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E",
CURLOPT_HTTPHEADER => [
"Content-Type: application/x-www-form-urlencoded"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.fourthwall.com/open-api/v1.0/platform/token"
payload := strings.NewReader("client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.fourthwall.com/open-api/v1.0/platform/token")
.header("Content-Type", "application/x-www-form-urlencoded")
.body("client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.fourthwall.com/open-api/v1.0/platform/token")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/x-www-form-urlencoded'
request.body = "client_id=app_12345&grant_type=authorization_code&client_secret=%3Cstring%3E&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=%3Cstring%3E&refresh_token=%3Cstring%3E&code_verifier=%3Cstring%3E"
response = http.request(request)
puts response.read_body{}{
"code": "OPEN_API_TOO_MANY_REQUESTS",
"title": "Too many requests",
"status": 429
}Body
application/x-www-form-urlencodedapplication/json
OAuth 2.0 token request
OAuth application client ID
Example:
"app_12345"
OAuth grant type
Available options:
authorization_code, refresh_token Example:
"authorization_code"
OAuth application client secret (required for confidential clients)
Redirect URI used during authorization (required for authorization_code grant)
Example:
"https://example.com/callback"
Authorization code (required for authorization_code grant)
Refresh token (required for refresh_token grant)
PKCE code verifier (required for public clients using authorization_code grant)
Response
OK
The response is of type object.
⌘I