
# Exchange code

> Exchange a short-lived authorisation code for a fresh access token.



## OpenAPI

````yaml /api-reference/openapi.json post /auth/exchange
openapi: 3.1.1
info:
  title: Dolfin API
  # NOTE(review): this description names the `x-dolfin-api-key` header as the
  # credential, but this excerpt declares no matching security scheme (see the
  # top-level `security` key below).
  description: >-
    Dolfin API for AR & AP. Authenticate using the `x-dolfin-api-key` header
    with the API key distributed to your organisation.
  version: v1
servers:
  # The only listed origin is HTTPS, so codes and tokens are documented as
  # travelling over TLS only.
  - url: https://api.dolfinai.co
    description: Production
# A single empty requirement object (`{}`) means "no credentials required".
# As the top-level default it applies to every operation that does not declare
# its own `security`.
# NOTE(review): no `components.securitySchemes` entry is visible in this
# excerpt. Confirm the full spec declares the API-key scheme and attaches it to
# the protected operations; otherwise generated clients and API scanners will
# treat the whole API as unauthenticated.
security:
  - {}
# Tag names used to group operations; the operation on this page uses `Auth`.
tags:
  - name: Webhooks
  - name: Users
  - name: TaxRates
  - name: Suppliers
  - name: Supplier Credit Notes
  - name: Bills
  - name: SpendCategories
  - name: Payables
  - name: RecurringInvoices
  - name: Receivables
  - name: Purchase Orders
  - name: Products
  - name: Payments
  - name: Invoices
  - name: Organisations
  - name: Members
  - name: MCP
  - name: Matching
  - name: Invoice Reminders
  - name: Industries
  - name: Gmail
  - name: Delivery Notes
  - name: Customers
  - name: Currencies
  - name: Credit Notes
  - name: Clients
  - name: ClientInvites
  - name: BankPayments
  - name: Bank details
  - name: Auth
  - name: ApprovalPolicies
  - name: ApiKeys
  - name: Agent
paths:
  # Code-for-token exchange. The operation declares no `security` of its own,
  # so it inherits the top-level `- {}`: the authorisation code in the request
  # body is the only credential the caller presents.
  /auth/exchange:
    post:
      tags:
        - Auth
      summary: Exchange code
      description: Exchange a short-lived authorisation code for a fresh access token.
      # The code is sent in a JSON body (ExchangeRequest), not in the URL.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ExchangeRequest'
        required: true
      responses:
        # Success body carries a bearer token (AuthResponse.token).
        # NOTE(review): no response headers are documented. Confirm the server
        # sends `Cache-Control: no-store` on this response and that clients
        # keep the body out of logs and error reports.
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
        # Returned when the code is not user-scoped; the description points
        # org-scoped flows to POST /auth/register instead.
        '400':
          description: >-
            Auth.NotUserScopedToken — auth code is not user-scoped; use POST
            /auth/register for org-scoped tokens
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        # Two error codes share this status. Per the description a code is
        # rejected once it has expired or has already been used, so each code
        # is time-limited and single-use.
        # NOTE(review): no 429 or other throttling response is documented for
        # this unauthenticated endpoint. Confirm failed exchanges are
        # rate-limited and monitored.
        '401':
          description: >-
            Auth.InvalidAuthCode — auth code is invalid, expired, or already
            used


            Auth.InvalidCredentials — user account associated with the auth code
            no longer exists
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
components:
  schemas:
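    # Request body for POST /auth/exchange: a single required string member.
    ExchangeRequest:
      required:
        - code
      type: object
      properties:
        # NOTE(review): no minLength/maxLength or pattern is declared, so the
        # schema itself does not bound the size or alphabet of the submitted
        # value. Confirm the server enforces its own limits before lookup.
        code:
          type: string
          description: Short-lived, single-use authorisation code to exchange for an access token.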
    # Body of a successful exchange: the issued token plus the identity and
    # memberships of the user it was issued for. All five members are required.
    AuthResponse:
      required:
        - token
        - userId
        - email
        - organisations
        - clients
      type: object
      properties:
        # Bearer credential: possession alone is enough to present it, so
        # handle it as a secret (keep it out of logs, URLs and analytics).
        # NOTE(review): lifetime, format and revocation are not described in
        # this schema. Confirm they are documented elsewhere.
        token:
          type: string
          description: Your Dolfin issued bearer token
        userId:
          type: string
          description: Unique identifier for the user the token has been issued for
          format: uuid
        # NOTE(review): no `format` is declared here, unlike `userId`.
        email:
          type: string
          description: Email of the user the token has been issued for
        # Membership and role listings returned alongside the token.
        # NOTE(review): presumably the server still authorises every request
        # itself. Clients should treat these lists as display data, not as the
        # access decision; confirm against the API's authorisation docs.
        organisations:
          type: array
          items:
            $ref: '#/components/schemas/AuthOrganisation'
          description: Organisation memberships for the user
        clients:
          type: array
          items:
            $ref: '#/components/schemas/AuthClient'
          description: Client memberships for the user (portal access)
    # Error body returned as `application/problem+json` by the 400 and 401
    # responses of /auth/exchange. No member is required and every member may
    # be null.
    ProblemDetails:
      type: object
      properties:
        type:
          type:
            - 'null'
            - string
        title:
          type:
            - 'null'
            - string
        # Accepts an integer or a string. `pattern` constrains only string
        # instances, limiting them to an optionally signed decimal integer.
        # The expression is anchored and has no nested quantifiers.
        status:
          pattern: ^-?(?:0|[1-9]\d*)$
          type:
            - 'null'
            - integer
            - string
          format: int32
        # NOTE(review): `detail` and `instance` are unconstrained strings.
        # Confirm the server never places stack traces, internal identifiers
        # or the submitted auth code in them.
        detail:
          type:
            - 'null'
            - string
        instance:
          type:
            - 'null'
            - string
    # One organisation membership of the authenticated user, as listed in
    # AuthResponse.organisations. All three members are required.
    AuthOrganisation:
      required:
        - organisationId
        - organisationName
        - role
      type: object
      properties:
        organisationId:
          type: string
          format: uuid
        # NOTE(review): free-form string with no length bound; escape it when
        # rendering in a UI.
        organisationName:
          type: string
        # The user's role in this organisation (Member, Admin or Owner).
        role:
          $ref: '#/components/schemas/OrganisationRole'
    # One client membership of the authenticated user, as listed in
    # AuthResponse.clients. All four members are required.
    AuthClient:
      required:
        - clientId
        - clientName
        - type
        - role
      type: object
      properties:
        clientId:
          type: string
          format: uuid
        # NOTE(review): free-form string with no length bound; escape it when
        # rendering in a UI.
        clientName:
          type: string
        # Live or Sandbox (see ClientType).
        # NOTE(review): presumably integrations should check this before
        # sending production data; confirm the intended semantics.
        type:
          $ref: '#/components/schemas/ClientType'
        # The user's role for this client (see ClientRole).
        role:
          $ref: '#/components/schemas/ClientRole'
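    # Role a user holds within an organisation. Every listed value is a
    # string, so the type is stated explicitly for validators and generators.
    # NOTE(review): the spec does not say what each role permits; do not infer
    # privileges from the order of the values.
    OrganisationRole:
      type: string
      enum:
        - Member
        - Admin
        - Owner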
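    # Environment class of a client. Every listed value is a string, so the
    # type is stated explicitly for validators and generators.
    ClientType:
      type: string
      enum:
        - Live
        - Sandbox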
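    # Role a user holds for a client. Every listed value is a string, so the
    # type is stated explicitly for validators and generators.
    # NOTE(review): the spec does not say what each role permits; do not infer
    # privileges from the order of the values.
    ClientRole:
      type: string
      enum:
        - Member
        - Developer
        - Support
        - Admin
        - Owner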

````