Create or refresh an access token to make requests on behalf of a user. This endpoint is used to obtain an access_token and refresh_token for the first time, and to refresh the access_token when it expires.
This endpoint is part of OAuth 2.0 implementation. You need to configure OAuth App to obtain client_id and client_secret. Read more about OAuth 2.0 implementation.
Make sure you're sending the header Content-Type: application/x-www-form-urlencoded.

Create Access Token

As a result of the OAuth 2.0 user authentication process, you should get a code that can be exchanged for an access_token. Use this endpoint to do this exchange, and to refresh the token later.

🚧

Invalid Grant?

If you receive an invalid grant response it is likely because you used the same code more than once from the Authorize a PandaDoc User step above. The code parameter is generated for one-time use. A new code value must be generated if you wish to change API users, permissions, or simply generate a new code value for the same PandaDoc user.

📘

expires_in

expires_in is based in seconds. Currently, a token expires in 31535999 seconds = 1 year.

Refresh Access Token

Eventually, access_token expires and accessing an API method returns 401 unauthorized. Your application needs to refresh the OAuth2 token with the stored refresh_token returned when initially creating an access token.

Once refreshed, calls on behalf of the originally authorized user can resume immediately. Use the newly returned access_token for all future API requests.

🚧

Invalid Grant?

If you receive an invalid grant response, it is likely because your refresh_token is invalid.