Skip to main content

Overview

The Tokens service handles the complete token lifecycle: exchanging authorization codes, refreshing tokens, online verification, and revocation.

Exchange

Exchange an authorization code for a grant token after the user consents.

Parameters

Response (ExchangeTokenResponse)

Refresh

Exchange a refresh token for a new grant token. Refresh tokens are single-use — each refresh returns a new refresh token.
Refresh tokens are single-use. Each call returns a new RefreshToken that you must store. The old refresh token is invalidated immediately.

Parameters

Response

Same ExchangeTokenResponse as Exchange — includes a new GrantToken and RefreshToken.

Verify

Perform online token verification against the Grantex API.

Response (VerifyTokenResponse)

Revoke

Revoke a token by its JTI (token ID).
Returns nil on success (HTTP 204).
Last modified on February 28, 2026