> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withbenji.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Exchange the Connect Token

> Exchange the short-lived token returned from the Benji Connect SDK to a long-lived access token and refresh token using the Benji Platform API

<Note>The `x-api-key` header value to be used on this API is your **partner API key**, which can be generated through the dashboard.</Note>

<ParamField body="exchange_token" type="string" required>
  The **string token** passed as the first argument to your **`onSuccess`** callback after a successful Connect flow ([Methods & Events](/connect/methods#onsuccess)). This is the exchange token produced when the transport layer completes with **`FLOW_SUCCESS`** — pass it here, not the raw connect token used to initialize the **Benji Connect SDK**.
</ParamField>

### Return values

<ResponseField name="user_id" type="integer" required>
  The Benji Platform ID associated with the user.
</ResponseField>

<ResponseField name="merchant_id" type="integer" required>
  Your system ID as specified on the Benji Platform.
</ResponseField>

<ResponseField name="token_data" type="object" required>
  An object representing the access\_token, refresh\_token to use when using the Benji Platform APIs as well as the access token expiry date. Once an access token expires, you can use the refresh token to obtain a new access token silently without requiring the user to authenticate again.

  <Expandable title="properties" defaultOpen="true">
    <ResponseField name="access_token" type="string" required>Access Token to use when making user-oriented requests to the Benji Platform APIs </ResponseField>
    <ResponseField name="refresh_token" type="string" required>Refresh Token to [use](/api-reference/endpoint/authentication/refresh) in order to silently obtain a new access token when it expires </ResponseField>
    <ResponseField name="access_token_expires_at" type="string" required>A string representing a datetime of when this access token will expire </ResponseField>
  </Expandable>
</ResponseField>

<ResponseExample>
  ```json 200 theme={null}
  {
      "code": "ok",
      "data": {
          "user_id": 1,
          "merchant_id": 1,
          "token_data": {
              "access_token": "0c371a1c-aa81-11ef-b28c-0a58a9feac02",
              "refresh_token": "05tghegts-aa81-sgte-hgte-u8nhgbvgtio",
              "access_token_expires_at": "Tue, 22 Oct 2024 21:57:02 GMT"
          }
      }
  }
  ```

  ```json 401 theme={null}
  {
    "error": "invalid_exchange_token",
    "message": "Invalid exchange token"
  }
  ```

  ```json 401 theme={null}
  {
    "error": "expired_exchange_token",
    "message": "The exchange token has expired"
  }
  ```
</ResponseExample>

<Tip>Access tokens are typically valid for 90 days. You can refresh an access token either before it expires proactively, or after calling an API and getting an expired\_token 401 status code.</Tip>
<Warning>Call the Exchange Token API soon after **`onSuccess`**. The exchange token is valid for **15 minutes** after the successful callback.</Warning>

See also [Methods & Events](/connect/methods#onsuccess) in the **Benji Connect SDK** docs for the shape of **`onSuccess`** metadata alongside the token.
