Skip to main content
POST
/
oauth
/
token
Exchange authorization code for OAuth token
curl --request POST \
  --url https://mcp.echozero.app/oauth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "grant_type": "authorization_code",
  "code": "<string>",
  "redirect_uri": "http://127.0.0.1:8765/callback",
  "client_id": "echozero-cli",
  "code_verifier": "<string>"
}
'

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Body

application/json
grant_type
string
required
Example:

"authorization_code"

code
string
required
redirect_uri
string
required
Example:

"http://127.0.0.1:8765/callback"

client_id
string
required
Example:

"echozero-cli"

code_verifier
string
required

Response

201 - undefined