Get an authorization code that can be exchanged for an access_token and a refresh_token. For a video demo in Postman, click here.

This endpoint supports the following methods:

  • GET


Base URL

The base URL for this endpoint is your Janrain Capture domain; for example:


Your Capture domains (also known as Registration domains) can be found in the Janrain Console on the Manage Application page:


Example Request

curl -H "Authorization: Basic aW1fYV...NfbXk="\
    --data-urlencode redirect_uri=http://foo.janraincapture.com/oauth/flags=stay_in_window \
    --data-urlencode id=4\

Running Code Samples Using Postman

The Janrain REST API code samples are written using Curl, but they can easily be run from within Postman. To use one of our code samples in Postman:

  1. Click the Copy to Clipboard button located directly beneath the code sample
  2. In Postman, click Import to display the Import dialog box.
  3. In the Import dialog box, click Paste Raw Text, and then paste in the copied code. The Import dialog box should look similar to this:

  4. Click Import, and the Curl command will be converted to a format that can be run from within Postman. All you need to do now is configure the command to work with your Janrain implementation.

Authorized Clients

owner access_issuer


  •  janrain-signed
  •  basic-auth

Query Parameters

Parameter Type Required Description
uuid string UUID of the user account. This parameter is required unless you are using either the id parameter or the key_attribute parameter.
id string ID of the user account. This parameter is required unless you are using either the uuid parameter or the key_attribute parameter.
key_attribute string Unique attribute found in the user account schema. This parameter is required unless you are using either the id parameter or the uuid parameter.
key_value string Value assigned to the key_attribute parameter.
redirect_uri string Token exchange URL.
type_name string Yes Name of the entityType.
transaction_state string Yes JSON object that will be associated with the authorization code and returned when it is exchanged for an access_token and a refresh token. You determine what data is returned.
lifetime string Number of seconds for which the code is valid. The default is 30 seconds.
for_client_id string Yes Client ID of the API client being used to retrieve an authorization code.


200 OK

Response Example (application/json)

  "authorizationCode": "12345678912345",
  "stat": "ok"