Token Service REST API Reference

The Token Service API lets you exchange either an ID token or a refresh token for an access token and a new refresh token. You can use the access token to securely call APIs that require user authorization.

HTTP request

POST https://securetoken.googleapis.com/v1/token

Request body

The request body contains data with the following structure:

URL-encoded representation
grant_type=string&code=string&refresh_token=string
Field name Type Description
grant_type string

The type of token you're sending:

  • authorization_code to send an ID token.
  • refresh_token to send a refresh token.

code string ID token to exchange for an access token and a refresh token. This field is called code to conform with the OAuth 2.0 specification. This field is ignored if grant_type isn't authorization_code.
refresh_token string Refresh token to exchange for an access token. This field is ignored if grant_type isn't refresh_token.

Response body

If successful, the response body contains data with the following structure:

JSON representation
{
  "access_token": string,
  "expires_in": string,
  "token_type": string,
  "refresh_token": string,
}
Field name Type Description
access_token string The granted access token.
expires_in string Expiration time of access_token in seconds.
token_type string The type of access_token. Included to conform with the OAuth 2.0 specification; always Bearer.
refresh_token string The granted refresh token; might be the same as refresh_token in the request.