Create or refresh an access token to make requests on behalf of a user. This endpoint is used to obtain an access_token and refresh_token for the first time, and to refresh the access_token when it expires.
This endpoint is part of OAuth 2.0 implementation. You need to configure OAuth App to obtain client_id and client_secret. Read more about OAuth 2.0 implementation.
Make sure you're sending the header Content-Type: application/x-www-form-urlencoded.
Create Access Token
As a result of the OAuth 2.0 user authentication process, you should get a code that can be exchanged for an access_token. Use this endpoint to do this exchange, and to refresh the token later.
Invalid Grant?
If you receive an invalid grant response it is likely because you used the same code more than once from the Authorize a PandaDoc User step above. The code parameter is generated for one-time use. A new code value must be generated if you wish to change API users, permissions, or simply generate a new code value for the same PandaDoc user.
expires_in
expires_in is based in seconds. Currently, a token expires in 31535999 seconds = 1 year.
Refresh Access Token
Eventually, access_token expires and accessing an API method returns 401 unauthorized. Your application needs to refresh the OAuth2 token with the stored refresh_token returned when initially creating an access token.
Once refreshed, calls on behalf of the originally authorized user can resume immediately. Use the newly returned access_token for all future API requests.
Invalid Grant?
If you receive an invalid grant response, it is likely because your refresh_token is invalid.