In this guide, you’ll exchange the authorization code for an access token. Access tokens are required for making API requests to Finch endpoints.
https://example.com/api/finch/callback
.
You can reuse this same endpoint to support a Redirect Finch Connect flow as well. Just make sure to add the redirect_uri
to the whitelist in your Finch Developer Dashboard.
/auth/token
endpoint. The request should include the following fields in the request body’s JSON payload:
client_id
: Your unique client ID from the Finch developer dashboard.client_secret
: Your unique client secret from the Finch developer dashboard.code
: The authorization code obtained from Finch Connect in the Set Up Finch Connect.redirect_uri
(optional): If using the Redirect Finch Connect Flow, include the redirect_uri
. This is the same redirect URI you used when setting up Finch Connect. If you using Embedded Flow, do not include redirect_uri
in the payload./auth/token
endpoint will respond with a JSON object containing an access_token
if the request is successful. Parse the JSON response body and extract the access_token
.
/auth/token
endpoint returns an error, your server-side code should handle it gracefully. Common error scenarios include invalid or expired authorization codes, incorrect client IDs or secrets, or mismatched redirect URIs. Display a helpful error message to the user or retry the authentication flow as needed.