Exchange a personal API token for an application-specific refresh token.

NOTE: You must provide a personal API token Authorization header for the user whose account will be accessed by the OAuth application. The refresh token will be created for this user.

This route is an "advanced" route for 3rd party vendors that are integrating with our API. Vendor client IDs are currently provided by request.

The returned token is an application-specific bearer token valid for one hour. You may safely ignore it if all you require is the refresh token, which is used to generate more bearer tokens in the future.

Applications are encouraged to discard the personal token upon storage of the refresh token as the personal token is significantly more sensitive.

For security reasons, issues with credentials provided to this endpoint will always return a 404.

Click Try It! to start a request and see the response here!