Skip to main content

Generate a linking token

POST /v2/oauth/token

Generates a linking token from a valid authorization code. The authorization code comes from Instacart and verifies that the customer has granted your site access to their Instacart account. For more information about the authorization code, see How to link an Instacart account.

You can use the generated linking token to link the user account.

Security

None.

Parameters

None.

Request

FieldTypeRequiredDescription
client_idstringRequiredThe client ID.
client_secretstringRequiredThe client secret.
grant_typestringRequiredThe grant type.
scopestringOptionalThe APIs that this token can access. Default is all the APIs specified in the retailer application configuration.
codestringOptionalThe authorization code.
redirect_uristringOptionalThe redirect URI when the authorization code was generated.
assertionstringOptionalThe assertion.
info

For the linking token, the grant type must be set to authorization_code and the redirect URI must match the one you shared with Instacart.

Request examples

curl --request POST \
--url https://connect.instacart.com/v2/oauth/token \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
"client_id": "string",
"client_secret": "string",
"grant_type": "string",
"scope": "string",
"code": "string",
"redirect_uri": "string",
"assertion": "string"
}'

Response

FieldTypeRequiredDescription
access_tokenstringRequiredThe token to be used to authenticate requests.
token_typestringRequiredThe token type.
expires_innumberRequiredThe number of seconds the token will expire in.
created_atnumberRequiredThe epoch time of when the token was created.
scopestringOptionalThe scope of the token.
note

For a linking token, the scope is account_linking.

Response examples

200 Success

{
"access_token": "mhtEdMZYPypuW_I0fYken8cAqE7llDaoNefHSeVj9u4",
"token_type": "Bearer",
"expires_in": 86400,
"scope": "connect:fulfillment",
"created_at": 1603897760
}

Authentication Errors

HTTP CodeCauseErrorDescription
400Invalid authorization code or redirect URI"invalid_grant""Assertion is not provided or invalid assertion provided for the grant_type."
401Invalid client ID or secret"invalid_client""Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
403Query Params Forbidden"query_params_forbidden""Providing OAuth credentials as query parameters may cause them to be compromised. Please reach out to Instacart's security team and have the credentials rotated."