Headless Login: Send a Token Request

After you send the authorization request and get a code, exchange the code for an access token.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions

  1. From the Headless Identity API Demo folder in Postman, select Username Password Login - Token Exchange.
    Note the location of the POST request. It’s the /services/oauth2/token endpoint on your Experience Cloud site.
  2. To see the request body, click Body. The token request for headless login includes these parameters.
    • code—The authorization code from Salesforce.
    • grant_type—The OAuth 2.0 grant type. Because the OAuth 2.0 authorization code grant type is the foundation of this flow, this parameter is set to authorization_code.
    • client_id—The external client app consumer key.
    • redirect_uri—The external client app callback URL, which points to the OAuth 2.0 echo endpoint.
  3. For the code, enter the authorization code that you received in your response from the previous step.
  4. To send the request to the token endpoint, click Send.
    Salesforce validates the token request and returns a response to your app. The response contains an access token that can be used to access Salesforce APIs and other identifying parameters. Here’s an example access token response in Postman.
    1{
    2    "access_token": "00DR**********",
    3    "sfdc_community_url": "https://MyExperienceCloudSite.my.site.com",
    4    "sfdc_community_id": "0DBXXXXXXXXXXXXXXXX",
    5    "signature": "CPk2JprUcxOmRHND71gJFn+SxyKe7jWqA1rQnFz9zZg=",
    6    "token_format": "opaque",
    7    "scope": "openid api",
    8    "id_token": "eyJr**************",
    9    "instance_url": "https://yourInstance.salesforce.com",
    10    "id": "https://yourInstance.salesforce.com/id/00Dxxxxxxxxxxxx/005xxxxxxxxxxxx",
    11    "token_type": "Bearer",
    12    "issued_at": "1667600739962"
    13}