The token endpoint is used by the client to obtain an access token by presenting its authorization grant. For authorization_code grants, the application calls the POST /{{envID}}/as/token endpoint to acquire the access token. The request body must include values for the following properties:

grant_type

A string that specifies the grant type of the token request. In this example, the value is authorization_code.
code

A string that specifies the authorization code value returned by the authorization request.
redirect_uri

A string that specifies the URL that specifies the return entry point of the application.

Note: The request requires basic authentication, in which the application ID from Step 1 and the application secret from Step 2 are used to authenticate. In a curl command, you can use the --user parameter to satisfy the basic authentication requirement like this: --user "{{appID}}:{{appSecret}}".

The response data contains the access token and the ID token.