Skip to main content
POST
/
v1
/
oauth
/
token
Generate OAuth 2.0 Token
curl --request POST \
  --url https://{cluster}.voucherify.io/v1/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'X-App-Id: <api-key>' \
  --header 'X-App-Token: <api-key>' \
  --data grant_type=client_credentials \
  --data 'scope=qualifications validations redemptions'
{
  "access_token": "1ABCde2FGHijKl3m4NO5pqR6STUv7wxYzAbc8dE90FgH1IJkLm",
  "client_id": "a1Bcdefg2HI3Jkl4m5nOP",
  "expires_at": 1738945086,
  "expires_in": 900,
  "scope": "api",
  "token_type": "Bearer"
}

Authorizations

X-App-Id
string
header
required
X-App-Token
string
header
required

Body

application/x-www-form-urlencoded

Send the request as x-www-form-urlencoded. Separate scope values with spaces, not commas.

Request body schema for POST /oauth/token.

grant_type
enum<string>
required

Gives an access token outside of the context of a user.

Available options:
client_credentials
scope
string
required

Defines the scope of possible actions that can be done with the OAuth token. The api scope allows using the server-side API. The client_api scope allows using the whole client-side API. The values are space-delimited; do not use commas to separate the values.

Allowed values: api, assets, async-actions, campaigns, categories, client_api, client_consents, client_customers, client_events, client_promotions, client_publish, client_qualifications, client_redeem, client_redemptions, client_validate, client_validations, client_vouchers, consents, customers, events, exports, locations, loyalties, metadata-schemas, orders, product-collections, products, promotions, publications, qualifications, redemptions, referrals, rewards, segments, SKUs, task-results, templates, trash-bin, validation-rules-assignments, validation-rules, validations, vouchers.

Response

Returns details about the token to be used and its expiration times.

Response body schema for POST /oauth/token.

access_token
string
required

The access token used to authorize access to the Voucherify API.

client_id
string
required

Unique client identifier, assigned by Voucherify, for OAuth.

expires_at
integer
required

Timestamp in seconds in the Unix format indicating when the token expires.

expires_in
integer
required

Number of seconds left until the token expires.

scope
string
required

Defines the scope of possible actions that can be done with the OAuth token. The api scope allows using the server-side API. The client_api scope allows using the whole client-side API. Possible values: api, assets, async-actions, campaigns, categories, client_api, client_consents, client_customers, client_events, client_promotions, client_publish, client_qualifications, client_redeem, client_redemptions, client_validate, client_validations, client_vouchers, consents, customers, events, exports, locations, loyalties, metadata-schemas, orders, product-collections, products, promotions, publications, qualifications, redemptions, referrals, rewards, segments, SKUs, task-results, templates, trash-bin, validation-rules-assignments, validation-rules, validations, vouchers.

token_type
enum<string>
default:Bearer
required

Type of the token. Use the value as the header prefix for authorization.

Available options:
Bearer
Last modified on December 3, 2025