OAuth 2.0 Token Exchange

Exchanges a partner-issued JWT for a Boosted access token. Partners authenticate using client credentials (client_id and client_secret) and provide a signed JWT in the request body. The JWT is validated and exchanged for a Boosted token with the requested scope.

Request

This endpoint expects an object.

grant_typestringRequired

Grant type (must be ‘urn:ietf:params:oauth:grant-type:token-exchange’)

subject_tokenstringRequired

The partner-issued JWT to exchange

subject_token_typestringRequired

Token type (must be ‘urn:ietf:params:oauth:token-type:jwt’)

client_idstringRequired

Partner client ID

client_secretstringRequired

Partner client secret

scopestringOptional

Requested scope (e.g., ‘thread’, ‘account-management’)

Response

access_tokenstring

expires_ininteger

issued_token_typestring

scopestring

token_typestring

Errors

400

Bad Request Error

401

Unauthorized Error

$	curl -X POST https://sandbox.api.boosted.ai/oauth2/token \
>	-H "Content-Type: application/x-www-form-urlencoded" \
>	-d "grant_type=string" \
>	-d "subject_token=string" \
>	-d "subject_token_type=string" \
>	-d "client_id=string" \
>	-d "client_secret=string"

1	{
2	"access_token": "string",
3	"expires_in": 1,
4	"issued_token_type": "string",
5	"scope": "string",
6	"token_type": "string"
7	}

$	curl -X POST https://sandbox.api.boosted.ai/oauth2/token \
>	-H "Content-Type: application/x-www-form-urlencoded" \
>	-d "grant_type=string" \
>	-d "subject_token=string" \
>	-d "subject_token_type=string" \
>	-d "client_id=string" \
>	-d "client_secret=string"

1	{
2	"access_token": "string",
3	"expires_in": 1,
4	"issued_token_type": "string",
5	"scope": "string",
6	"token_type": "string"
7	}