POST
/
auth
/
token
curl --request POST \
     --url https://api.pelm.com/auth/token \
     --header 'accept: application/json' \
     --header 'content-type: application/x-www-form-urlencoded'
{
  "access_token": "ACCESS_TOKEN",
  "access_token_expires_in": 3600,  // ignore this field
  "refresh_token": "REFRESH_TOKEN",  // ignore this field
  "refresh_token_expires_in": 31536000  // ignore this field
}

Exchange an authorization_code for an access_token. The authorization_code is returned in the Connect onSuccess callback after the user successfully submits their utility credentials.

Note that the access_token will not expire. You should securely store this token in your database.
You can ignore all the other fields in this response: access_token_expires_in, refresh_token, refresh_token_expires_in. They’re included for legacy applications.

Form data

code
string
required

Authorization code from Connect.

Headers

Pelm-Client-Id
string
required

Pelm-Client-Id given on registration

Pelm-Secret
string
required

Pelm-Secret given on registration

Response

  • 200 response

  • Error response

access_token
string
access_token_expires_in
string

Number of seconds until the access_token expires (1 hour)

refresh_token
string
refresh_token_expires_in
string

Number of seconds until the refresh_token expires (1 year)