POST /oauth/convert

Required authentication: Application

Supported formats: json

Exchanges an OAuth code for a full OAuth grant object.
The returned object will contain the grant_secret
that you should use for future requests inside the Authorization
header for that account.

Each code expires in 5 minutes, and can only be used once.
Repeated requests sent to this method with the same code will fail.

Ensure that you save both the grant_id and the grant_secret
you receive, as well as recording any other data in the object
that your application needs to run, such as the information
inside the account object.

Parameter Type Atn Details
code String The grant code from the previous step in the OAuth workflow.

Example Requests

Exchange an OAuth code for a grant object:

Content-Type: application/json
Authorization: Bearer cs-ExampleSecret

  "code": "gc-A3hL9PX9Ya8T9MGgtrUxgXSvVKV42Gas"
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

  "object": "oauth_grant",
  "grant_id": "5a26a2b2-96ab-4144-b0d4-186654efc0ff",
  "created_at": "2018-12-17T15:42:53-05:00",
  "scope": "read",
  "grant_secret": "gs-EXRlkpulVxhkczmanDiHepdzeZdtpAV7",
  "revoked": false,
  "account": {
    "object": "scryfall_account",
    "id": "9de3b21e-975a-4f2e-897d-dc298e15f609",
    "username": "amoeboi",
    "display_name": "Amoeboid Changeling",
    "twitter": "wizards_magic",
    "full_featured": true,
    "verified": false