For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
LoginStart trialGet a demo
  • Welcome
    • Getting Started
    • Create an API Key
    • Pagination
    • Rate Limiting
    • No-Code Integrations
  • Webhooks
  • OAuth2
      • POSTCreate token
      • POSTRevoke token
      • POSTIntrospect token
      • GETGet token info
  • API Reference
LogoLogo
LoginStart trialGet a demo
OAuth2Tokens

Create token

POST
https://app.beehiiv.com/oauth/token
POST
/oauth/token
$curl -X POST https://app.beehiiv.com/oauth/token \
>     -H "Content-Type: application/json" \
>     -d '{
>  "grant_type": "authorization_code",
>  "code": "SplxlOBeZQQYbYS6WxSbIA",
>  "redirect_uri": "http://localhost:3008/callback",
>  "client_id": "WDgKDt_bHOXUfWRhGf2ovKZmFHQ9r_Erd01IPmz_boc",
>  "client_secret": "your-client-secret"
>}'
1{
2  "access_token": "2YotnFZFEjr1zCsicMWpAA",
3  "token_type": "Bearer",
4  "expires_in": 7200,
5  "created_at": 1739980800,
6  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
7  "scope": "posts:read"
8}

Exchanges an authorization code for an access token, or exchanges a refresh token for a new access token. Send parameters as application/x-www-form-urlencoded.

Was this page helpful?
Previous

Revoke token

Next
Built with

Request

This endpoint expects an object.
grant_typeenumRequired

authorization_code or refresh_token.

Allowed values:
codestringOptional

Authorization code returned from /oauth/authorize.

redirect_uristringOptional
Must match the redirect URI used in the authorization request.
client_idstringOptional

OAuth application client ID (uid).

client_secretstringOptional
Required for confidential clients.
refresh_tokenstringOptional
Refresh token returned from a previous token exchange.
code_verifierstringOptional

PKCE code verifier (required when a code challenge was sent).

Response

OK
access_tokenstring
token_typeenum
The token type returned by OAuth2 token endpoints.
Allowed values:
expires_ininteger
created_atinteger
refresh_tokenstring
scopestring

Errors

400
O Auth Bad Request Error
401
O Auth Unauthorized Error