← OAuth 2.0
Get Access Token
Use access tokens to access Revo Digital resources on behalf of an authenticated sub-account/company. Exchange an authorization code or refresh token for a new access token.
POST
/oauth/tokenScope
—
Auth Method
Client Credentials
Token Type
Company / Location
Body Parameters
| Parameter | Type | Description |
|---|---|---|
client_idrequired | string | The Client ID provided by Revo Digital for your integration. |
client_secretrequired | string | The Client Secret provided by Revo Digital for your integration. |
grant_typerequired | string | The type of token to be requested. Possible values: authorization_code, refresh_token, client_credentials |
code | string | The authorization code received after user authorization. Required when grant_type is authorization_code. |
refresh_token | string | The refresh token from a previous token response. Required when grant_type is refresh_token. |
user_type | string | The type of user token to request. Possible values: Company, Location |
redirect_uri | string | The redirect URI registered for your application. Required for authorization_code grant. |
Example Request — Authorization CodecURL
curl -X POST \
'https://services.leadconnectorhq.com/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=YOUR_CLIENT_ID' \
-d 'client_secret=YOUR_CLIENT_SECRET' \
-d 'grant_type=authorization_code' \
-d 'code=AUTHORIZATION_CODE' \
-d 'redirect_uri=https://yourapp.com/callback' \
-d 'user_type=Location'Example Request — Refresh TokencURL
curl -X POST \
'https://services.leadconnectorhq.com/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=YOUR_CLIENT_ID' \
-d 'client_secret=YOUR_CLIENT_SECRET' \
-d 'grant_type=refresh_token' \
-d 'refresh_token=REFRESH_TOKEN' \
-d 'user_type=Location'Response — 200 OK
Example ResponseJSON
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 86400,
"refresh_token": "cj0rMTIzNDU2Nzg5...",
"scope": "contacts.readonly contacts.write ...",
"locationId": "ve9EPM428h8vShlRW1KT",
"companyId": "5DP41231LkQsiKESj6rh",
"approvedLocations": ["ve9EPM428h8vShlRW1KT"],
"userId": "usr_abc123",
"planId": "plan_xyz789",
"installToFutureLocations": true,
"approvedAllLocations": false
}Response Fields
| Parameter | Type | Description |
|---|---|---|
access_token | string | The access token to use for API requests. |
token_type | string | Always "Bearer". |
expires_in | integer | Time in seconds until the token expires (typically 86400 = 24 hours). |
refresh_token | string | A refresh token to obtain a new access token when the current one expires. |
scope | string | Space-separated list of scopes the token has access to. |
locationId | string | Location ID — present only for Sub-Account access tokens. |
companyId | string | Company ID associated with the token. |
approvedLocations | string[] | Approved locations to generate location access tokens for. |
userId | string | User ID of the person who performed the installation. |
planId | string | Plan ID of the subscribed plan (paid apps only). |
installToFutureLocations | boolean | Whether the user wants the app auto-installed to future locations (company tokens only). |
approvedAllLocations | boolean | Whether the user approved all locations during bulk installation (company tokens only). |
Token Refresh
Access tokens expire after 24 hours. Use the refresh_token with grant_type=refresh_token to obtain a new access token without requiring the user to re-authorize. Refresh tokens are single-use — each refresh response includes a new refresh token.