POST /oauth/convert

Required authentication: Application
Supported formats: json

Exchanges an OAuth code for a full OAuth grant object. The returned object will contain the grant_secret that you should use for future requests inside the Authorization header for that account.

Each code expires in 5 minutes, and can only be used once. Repeated requests sent to this method with the same code will fail.

Ensure that you save both the grant_id and the grant_secret you receive, as well as recording any other data in the object that your application needs to run, such as the information inside the account object.

Parameter Type Atn Details
code String The grant code from the previous step in the OAuth workflow.

Example Requests

Exchange an OAuth code for a grant object:

Content-Type: application/json
Authorization: Bearer cs-ExampleSecret

  "code": "gc-897tfjZG5A8l0yU0v9qELjoPDWAbbUvX"
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

  "object": "oauth_grant",
  "grant_id": "544687c2-0f20-4f4c-8f1b-0e8f3e738b48",
  "created_at": "2018-01-16T06:38:39-05:00",
  "scope": "read",
  "grant_secret": "gs-dQAoA57vSwiY8briL32euL4PNQJ4d4RE",
  "revoked": false,
  "account": {
    "object": "scryfall_account",
    "id": "67c6bac8-de21-4261-8fb3-44ab7dac0730",
    "username": "amoeboi",
    "display_name": "Amoeboid Changeling",
    "twitter": "wizards_magic",
    "full_featured": true,
    "verified": false