Exchange the Connect Token

curl --request POST \
  --url https://authservice-staging.withbenji.com/access/token/exchange \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "exchange_token": "<string>"
}
'

{
    "code": "ok",
    "data": {
        "user_id": 1,
        "merchant_id": 1,
        "token_data": {
            "access_token": "0c371a1c-aa81-11ef-b28c-0a58a9feac02",
            "refresh_token": "05tghegts-aa81-sgte-hgte-u8nhgbvgtio",
            "access_token_expires_at": "Tue, 22 Oct 2024 21:57:02 GMT"
        }
    }
}

POST

access

token

exchange

Exchange the Connect Token

curl --request POST \
  --url https://authservice-staging.withbenji.com/access/token/exchange \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "exchange_token": "<string>"
}
'

{
    "code": "ok",
    "data": {
        "user_id": 1,
        "merchant_id": 1,
        "token_data": {
            "access_token": "0c371a1c-aa81-11ef-b28c-0a58a9feac02",
            "refresh_token": "05tghegts-aa81-sgte-hgte-u8nhgbvgtio",
            "access_token_expires_at": "Tue, 22 Oct 2024 21:57:02 GMT"
        }
    }
}

The x-api-key header value to be used on this API is your partner API key, which can be generated through the dashboard.

exchange_token

string

required

The string token passed as the first argument to your onSuccess callback after a successful Connect flow (Methods & Events). This is the exchange token produced when the transport layer completes with FLOW_SUCCESS — pass it here, not the raw connect token used to initialize the Benji Connect SDK.

Return values

user_id

integer

required

The Benji Platform ID associated with the user.

merchant_id

integer

required

Your system ID as specified on the Benji Platform.

token_data

object

required

An object representing the access_token, refresh_token to use when using the Benji Platform APIs as well as the access token expiry date. Once an access token expires, you can use the refresh token to obtain a new access token silently without requiring the user to authenticate again.

Hide properties

access_token

string

required

Access Token to use when making user-oriented requests to the Benji Platform APIs

refresh_token

string

required

Refresh Token to use in order to silently obtain a new access token when it expires

access_token_expires_at

string

required

A string representing a datetime of when this access token will expire

{
    "code": "ok",
    "data": {
        "user_id": 1,
        "merchant_id": 1,
        "token_data": {
            "access_token": "0c371a1c-aa81-11ef-b28c-0a58a9feac02",
            "refresh_token": "05tghegts-aa81-sgte-hgte-u8nhgbvgtio",
            "access_token_expires_at": "Tue, 22 Oct 2024 21:57:02 GMT"
        }
    }
}

Access tokens are typically valid for 90 days. You can refresh an access token either before it expires proactively, or after calling an API and getting an expired_token 401 status code.

Call the Exchange Token API soon after onSuccess. The exchange token is valid for 15 minutes after the successful callback.

See also Methods & Events in the Benji Connect SDK docs for the shape of onSuccess metadata alongside the token.

Methods & Events

⌘I

Documentation Index

​Return values

Return values