# Gets or refreshes an access token Gets or refreshes an access token, as part of the OAuth process. Endpoint: POST /token Version: 2.0.0 ## Header parameters: - `smartsheet-integration-source` (string) Uses the following metadata to distinguish between human-initiated API requests and third-party service-initiated calls by AI Connectors or ITSM: - Integration source type - Organization name - Integration source name Format: TYPE,OrgName,SourceName Examples: AI,SampleOrg,My-AI-Connector-v2 SCRIPT,SampleOrg2,Accounting-updater-script APPLICATION,SampleOrg3,SheetUpdater Example: "AI,SampleOrg,My-AI-Connector-v2" - `Content-Type` (string) Required for POST and PUT requests. Defines the structure for the response. Enum: "application/x-www-form-urlencoded" ## Query parameters: - `client_id` (string, required) The client ID you obtained when you registered your app. - `client_secret` (string) (Optional) Must use either this value or hash. Plain text method for sending this value. For example, client_secret={app_secret}. Encryption occurs at the HTTPS level. - `code` (string) Authorization code acquired after user selects "Allow" in the Web login UI. - `grant_type` (string, required) Must be set to "authorization_code". Enum: "authorization_code", "refresh_token" - `hash` (string) (Optional) Must use either this value or client_secret. SHA-256 hash of your app secret concatenated with a pipe and the authorization code. For example, hash={SHA_256(app_secret|code)}. - `refresh_token` (string) refresh_token value that came with the access token. - `redirect_url` (string) Deprecated If supplied, must match the redirect URI you registered for your app. ## Response 200 fields (application/json): - `access_token` (string) A credential that can be used by a client to access the Smartsheet API. - `token_type` (string) How an access token will be generated and presented. Smartsheet uses the bearer parameter, which means essentially give access to the bearer of this token. - `expires_in` (number) Number of seconds token is valid once issued. - `refresh_token` (string) A credential tied to the access token that can be used to obtain a fresh access token with the same permissions, without further involvement from a user. ## Response default fields (application/json): - `refId` (string) The ID of the specific error occurrence. Please include this information when contacting Smartsheet support. - `errorCode` (number) Custom error code from Smartsheet. See the complete [Error Code List](/api/smartsheet/error-codes). - `message` (string) Descriptive error message.