Slack.Web.Oauth.V2 (SlackKit v0.25.0-alpha.0)

Summary

Functions

Exchanges a temporary OAuth verifier code for an access token.

Exchanges a legacy access token for a new expiring access token and refresh token.

Functions

access(optional_params \\ %{})

Exchanges a temporary OAuth verifier code for an access token.

Optional Params

  • client_id - Issued when you created your application. If at all possible, avoid sending client_id and client_secret as parameters in your request; instead, supply the Client ID and Client Secret using the HTTP Basic authentication scheme. ex: 2141029472.691202649728
  • client_secret - Issued when you created your application. If at all possible, avoid sending client_id and client_secret as parameters in your request; instead, supply the Client ID and Client Secret using the HTTP Basic authentication scheme. ex: e1b9e11dfcd19c1982d5de12921e17e8c
  • code - The code param returned via the OAuth callback. ex: 4724469134.4644010092847.232b4e6d82c333b475fc30f5f5a341d294feb1a94392c2fd791f7ab7731a443d1a
  • code_verifier - The code_verifier param used to generate the code_challenge originally. Used for PKCE. ex: secret12345
  • grant_type - The grant_type param as described in the OAuth spec. ex: authorization_code
  • redirect_uri - This must match the originally submitted URI (if one was sent). ex: http://example.com
  • refresh_token - The refresh_token param as described in the OAuth spec. ex: xoxe-1-abcdefg

Errors the API can return:

  • token_revoked - Authentication token is for a deleted user or workspace or the app has been removed when using a user token.
  • invalid_arg_name - The method was passed an argument whose name falls outside the bounds of accepted or expected values. This includes very long names and names with non-alphanumeric characters other than _. If you get this error, it is typically an indication that you have made a very malformed API call.
  • two_factor_setup_required - Two factor setup is required.
  • invalid_form_data - The method was called via a POST request with Content-Type application/x-www-form-urlencoded or multipart/form-data, but the form data was either missing or syntactically invalid.
  • invalid_post_type - The method was called via a POST request, but the specified Content-Type was invalid. Valid types are: application/json, application/x-www-form-urlencoded, multipart/form-data, text/plain.
  • fatal_error - The server could not complete your operation(s) without encountering a catastrophic error. It's possible some aspect of the operation succeeded before the error was raised.
  • deprecated_endpoint - The endpoint has been deprecated.
  • invalid_client_id - Value passed for client_id was invalid.
  • oauth_authorization_url_mismatch - The OAuth flow was initiated on an incorrect version of the authorization url. The flow must be initiated via /oauth/v2/authorize.
  • ratelimited - The request has been ratelimited. Refer to the Retry-After header for when to retry the request.
  • ekm_access_denied - Administrators have suspended the ability to post a message.
  • service_unavailable - The service is temporarily unavailable.
  • team_access_not_granted - The token used is not granted the specific workspace access required to complete this request.
  • cannot_install_an_org_installed_app - Returned when the org-installed app cannot be installed on a workspace.
  • user_email_unverified - The user's email is unverified.
  • bad_client_secret - Value passed for client_secret was invalid.
  • invalid_arguments - The method was called with invalid arguments.
  • invalid_array_arg - The method was passed an array as an argument. Please only input valid strings.
  • request_timeout - The method was called via a POST request, but the POST data was either missing or truncated.
  • account_inactive - Authentication token is for a deleted user or workspace when using a bot token.
  • bad_redirect_uri - Value passed for redirect_uri did not match the redirect_uri in the original request.
  • invalid_code_verifier - The code_verifier is invalid.
  • not_authed - No authentication token provided.
  • internal_error - The server could not complete your operation(s) without encountering an error, likely due to a transient issue on our end. It's possible some aspect of the operation succeeded before the error was raised.
  • enterprise_is_restricted - The method cannot be called from an Enterprise.
  • no_permission - The workspace token used in this request does not have the permissions necessary to complete the request. Make sure your app is a member of the conversation it's attempting to post a message to.
  • access_denied - Access to a resource specified in the request is denied.
  • team_added_to_org - The workspace associated with your request is currently undergoing migration to an Enterprise Organization. Web API and other platform operations will be intermittently unavailable until the transition is complete.
  • missing_scope - The token used is not granted the specific scope permissions required to complete this request.
  • missing_post_type - The method was called via a POST request and included a data payload, but the request did not include a Content-Type header.
  • accesslimited - Access to this method is limited on the current network.
  • pkce_not_allowed - The app is not allowed to use the PKCE flow.
  • no_scopes - Missing scope in the request.
  • token_expired - Authentication token has expired.
  • invalid_code - Value passed for code was invalid.
  • invalid_charset - The method was called via a POST request, but the charset specified in the Content-Type header was invalid. Valid charset names are: utf-8, iso-8859-1.
  • method_deprecated - The method has been deprecated.
  • preview_feature_not_available - Returned when the API method is not yet available on the team in context.
  • not_allowed_token_type - The token type used in this request is not allowed.
  • invalid_refresh_token - The given refresh token is invalid.
  • org_login_required - The workspace is undergoing an enterprise migration and will not be available until migration is complete.
  • invalid_auth - Some aspect of authentication cannot be validated. Either the provided token is invalid or the request originates from an IP address disallowed from making the request.
  • invalid_grant_type - Value passed for grant_type was invalid.
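
The parameters and errors above, worked through as an added example (not SlackKit's own code): deriving the PKCE code_challenge from a code_verifier, building a token-exchange request that carries client_id and client_secret only in an HTTP Basic header, and sorting a few of the listed errors by what the caller should do next. The module name `OauthV2Example`, its function names and the return atoms are hypothetical, and the S256 challenge method from RFC 7636 is assumed.

```elixir
defmodule OauthV2Example do
  # RFC 7636: 32 random bytes -> 43-char base64url verifier (no padding).
  def new_code_verifier do
    32 |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)
  end

  # S256 challenge sent on the authorize step: BASE64URL(SHA256(verifier)).
  def code_challenge(verifier) do
    :sha256 |> :crypto.hash(verifier) |> Base.url_encode64(padding: false)
  end

  # Headers and form body for the token exchange. The client credentials go
  # in the Authorization header only, never in the body or the query string.
  def token_request(client_id, client_secret, code, verifier, redirect_uri) do
    headers = [
      {"authorization", "Basic " <> Base.encode64("#{client_id}:#{client_secret}")},
      {"content-type", "application/x-www-form-urlencoded"}
    ]

    body =
      URI.encode_query(%{
        "grant_type" => "authorization_code",
        "code" => code,
        "code_verifier" => verifier,
        "redirect_uri" => redirect_uri
      })

    {headers, body}
  end

  # Coarse handling for some of the error strings listed above (hypothetical atoms).
  def next_step(error) when error in ~w(invalid_code invalid_code_verifier bad_redirect_uri),
    do: :restart_authorization
  def next_step(error) when error in ~w(invalid_client_id bad_client_secret pkce_not_allowed),
    do: :fix_app_configuration
  def next_step("ratelimited"), do: :retry_after_header
  def next_step(_other), do: :log_and_fail
end

# RFC 7636 Appendix B test vector; a mismatch raises MatchError.
"E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM" =
  OauthV2Example.code_challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")

# Constructed placeholder values, not real credentials.
{_headers, body} =
  OauthV2Example.token_request("CLIENT_ID", "CLIENT_SECRET", "CODE",
    OauthV2Example.new_code_verifier(), "https://app.example/callback")
false = String.contains?(body, "CLIENT_SECRET")
IO.puts(body)
```

Keeping the secret out of the form body also keeps it out of request-body logs and proxies that record POST parameters.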

exchange(client_id, client_secret, optional_params \\ %{})

Exchanges a legacy access token for a new expiring access token and refresh token.

Required Params

  • client_id - Issued when you created your application. ex: 4123121235.9872358710
  • client_secret - Issued when you created your application. ex: e1b9e11dfcd19c1982d5de12921e17e8c

Errors the API can return:

  • token_already_exchanged - This token has already been exchanged for a pair of token credentials.
  • authorization_not_found - The underlying authorization for this token was revoked or is invalid.
  • token_revoked - Authentication token is for a deleted user or workspace or the app has been removed when using a user token.
  • invalid_arg_name - The method was passed an argument whose name falls outside the bounds of accepted or expected values. This includes very long names and names with non-alphanumeric characters other than _. If you get this error, it is typically an indication that you have made a very malformed API call.
  • two_factor_setup_required - Two factor setup is required.
  • invalid_form_data - The method was called via a POST request with Content-Type application/x-www-form-urlencoded or multipart/form-data, but the form data was either missing or syntactically invalid.
  • invalid_post_type - The method was called via a POST request, but the specified Content-Type was invalid. Valid types are: application/json, application/x-www-form-urlencoded, multipart/form-data, text/plain.
  • fatal_error - The server could not complete your operation(s) without encountering a catastrophic error. It's possible some aspect of the operation succeeded before the error was raised.
  • deprecated_endpoint - The endpoint has been deprecated.
  • invalid_client_id - Value passed for client_id was invalid.
  • ratelimited - The request has been ratelimited. Refer to the Retry-After header for when to retry the request.
  • ekm_access_denied - Administrators have suspended the ability to post a message.
  • service_unavailable - The service is temporarily unavailable.
  • team_access_not_granted - The token used is not granted the specific workspace access required to complete this request.
  • token_rotation_not_enabled - The app does not have token rotation enabled.
  • bad_client_secret - Value passed for client_secret was invalid.
  • invalid_arguments - The method was called with invalid arguments.
  • invalid_array_arg - The method was passed an array as an argument. Please only input valid strings.
  • request_timeout - The method was called via a POST request, but the POST data was either missing or truncated.
  • account_inactive - Authentication token is for a deleted user or workspace when using a bot token.
  • not_authed - No authentication token provided.
  • internal_error - A server-side error occurred.
  • enterprise_is_restricted - The method cannot be called from an Enterprise.
  • no_permission - The workspace token used in this request does not have the permissions necessary to complete the request. Make sure your app is a member of the conversation it's attempting to post a message to.
  • access_denied - Access to a resource specified in the request is denied.
  • team_added_to_org - The workspace associated with your request is currently undergoing migration to an Enterprise Organization. Web API and other platform operations will be intermittently unavailable until the transition is complete.
  • missing_scope - The token used is not granted the specific scope permissions required to complete this request.
  • missing_post_type - The method was called via a POST request and included a data payload, but the request did not include a Content-Type header.
  • accesslimited - Access to this method is limited on the current network.
  • invalid_token - The legacy token provided cannot be exchanged for a new pair of token credentials.
  • token_expired - Authentication token has expired.
  • invalid_charset - The method was called via a POST request, but the charset specified in the Content-Type header was invalid. Valid charset names are: utf-8, iso-8859-1.
  • method_deprecated - The method has been deprecated.
  • not_allowed_token_type - The token type used in this request is not allowed.
  • org_login_required - The workspace is undergoing an enterprise migration and will not be available until migration is complete.
  • invalid_auth - Some aspect of authentication cannot be validated. Either the provided token is invalid or the request originates from an IP address disallowed from making the request.