> For the complete documentation index, see [llms.txt](https://docs.edgetag.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.edgetag.io/api/getting-started/oauth-2.0/implementation/getting-access-token.md). # Getting Access Token Now that your user is redirected back to your app, you will get code in the URL (and state if you defined it), which you will exchange for an Access Token. To do an exchange, it's straightforward. You will need to call one API (see [Implementation page](/api/getting-started/oauth-2.0/implementation.md) for URLs). First, get the code from the URL. You can do that with a simple search params get. ```javascript const url = new URL(window.location.url) const code = url.searchParams.get('code') ``` Now we will call an API with this info. {% tabs %} {% tab title="JavaScript" %} ```javascript const verifier = 'my secret text' const tokenUrl = 'http://api-sandbox.edgetag.io/v1/oauth-app/client/token' const body = new URLSearchParams({ code, code_verifier: verifier, grant_type: 'authorization_code', }) const response = await fetch(tokenUrl, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', Authorization: `Basic ${btoa(clientId + ':' + clientSecret)}`, }, body }) ``` {% endtab %} {% tab title="CURL" %} ```bash curl --request POST \ --url http://api-sandbox.edgetag.io/v1/oauth-app/client/token \ --header 'Authorization: Basic ZDAyNzJjNDItN2VjYy00ODk5LWExYTctMDgwMWE4YTlkYTJmOmQwMjcyYzQyLTdlY2MtNDg5OS1hMWE3LTA4MDFhOGE5ZGEyZg==' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data code=kaKTYtdQw7Qxa-aSIQjjvFNXqLiZ_TlwAoXSocuQypQ \ --data code_verifier=my%20secret%20text \ --data grant_type=authorization_code ``` {% endtab %} {% endtabs %} Let's look at the code to see what we are doing. We are adding three parameters to the URL: 1\) **code**: you get that from the URL 2\) **code\_verifier**: this is the one that you hashed before you for the redirect. You need to pass it here in plain text 3\) **grant\_type**: this needs to be `authorization_code` Next, we need to add an Authorization header. This is a basic authorization with a client ID and secret, base64-encoded. Request is `GET` . If the request is successful, you will get the following response: ```javascript { access_token: 'kXzY5wUoUyt6jT_zlayTewPDtgGOuXFcrv0dqWSOBOo', refresh_token: 'PGFanyIh-GUKReZ5P1LlAsUJzBR76BQI5SJlIX4-aHQ', expires_in: 7200, } ``` Our access token expires every two hours (7200 seconds). You will need to use `refresh_token` to get a new token after two hours. We will learn how to do it on the next page. `access_token` is already a valid token that you can use for the next two hours. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.edgetag.io/api/getting-started/oauth-2.0/implementation/getting-access-token.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.