# Financial Data Exchange OAuth Tokens > An OAuth token that is returned to your application when a user completes the OAuth flow and may be used to authenticate requests. ## The Financial Data Exchange OAuth Token object ### Example ```json { "access_token": "token", "expires_in": 3600, "id_token": "token", "refresh_token": "token" } ``` ### Attributes - `access_token` (string) You may use this token in place of an API key to make OAuth requests on a user's behalf. - `expires_in` (integer) The number of seconds until the access token expires. - `id_token` (string) An OIDC ID token. - `refresh_token` (string, nullable) You may exchange this for a new access token. ## Create a Financial Data Exchange OAuth Token POST /fdx/intuit/oauth/tokens > Exchange an authorization code or refresh token for an access token. The returned access token authenticates subsequent calls to the Intuit FDX endpoints on behalf of the end user. The endpoint follows the OAuth 2.0 spec and supports the `authorization_code` and `refresh_token` grant types; the returned `id_token` is a standard OpenID Connect ID token. ### Example ```curl curl -X "POST" \ --url "${INCREASE_URL}/fdx/intuit/oauth/tokens" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" \ -H "Content-Type: application/json" \ -d $'{ "client_id": "12345", "client_secret": "supersecret", "code": "123", "grant_type": "authorization_code", "redirect_uri": "https://example.com/oauth/callback" }' ``` ### Body Parameters - `client_id` (string, required) The public identifier for your application. - `client_secret` (string, required) The secret that confirms you own the application. - `code` (string, optional) The authorization code generated by the user and given to you as a query parameter. - `grant_type` (enum, required) The type of grant being exchanged for an access token. Cases: * `authorization_code` (Request a new authorization token.) * `refresh_token` (Refresh an existing access token.) - `prompt` (string, optional) In requests to the OpenID Provider, a client MAY indicate that the desired user experience is for the user to immediately see the user account creation UI instead of the login behavior. - `redirect_uri` (string, optional) Where to redirect back to once the user completed all authentication steps. - `refresh_token` (string, optional) The refresh token to use to generate a new access token. - `scope` (string, optional) The scope requested when refreshing an access token.