Cloudreve API Docs
  1. OAuth
Cloudreve API Docs
  • Site
    • Ping
      GET
    • Get CAPTCHA
      GET
    • Get site settings
      GET
    • Report abuse
      POST
  • Session
    • Token
      • Password sign-in
      • Finish sign-in with 2FA
      • Refresh Token
      • Sign out
    • OpenID
      • Prepare OpenID sign-in
      • Finish OpenID sign-in
      • Unlink OpenID
    • Passkey
      • Prepare Passkey sign-in
      • Finish Passkey sign-in
    • OAuth
      • Get OAuth app info
        GET
      • Exchange token
        POST
      • Revoke authorization
        DELETE
      • User info
        GET
    • Prepare login
      GET
  • User
    • Passkey
      • Prepare passkey registration
      • Finish passkey registration
      • Delete passkey
    • Setting
      • List available storage policies
      • List available nodes
      • Get preferences
      • Prepare enabling 2FA
      • Update preference setting
      • Update profile pricture
    • Sign up
      POST
    • Send reset password email
      POST
    • Reset password via temp link
      PATCH
    • Get profile picture
      GET
    • Get user
      GET
    • List user's share links
      GET
    • Get storage capacity
      GET
    • Search user
      GET
    • List credit changes
      GET
    • List payments
      GET
  • Callback
    • Complete OBS upload
      POST
    • Complete OneDrive upload
      POST
    • Complete COS upload
      GET
    • Complete S3 upload
      GET
  • Workflow
    • Remote Download
      • Create remote download
      • Select files to download
      • Cancel task
    • List tasks
    • Get task progress
    • Create archive
    • Extract archive
    • Relocate storage policy
    • Import external files
  • File
    • Permission
      • Set permission
      • Delete permission setting
    • Upload
      • Create upload session
      • Upload file chunk
      • Delete upload session
    • Pin
      • Pin to sidebar
      • Delete a pin
    • Version
      • Set file version
      • Delete file version
    • Direct Link
      • Create direct links
      • Delete direct link
    • List files
    • List file activities
    • Get file info
    • Get thumbnail URL
    • Get archive file list
    • Events stream
    • Update file content
    • Create viewer session
    • Create file
    • Rename file
    • Move or copy files
    • Create download URL
    • Restore from trash bin
    • Delete file
    • Force unlock
    • Patch metadata
    • Mount storage policy
    • Update view setting
  • Share
    • Create share link
    • Edit share link
    • Get share link info
    • List my share links
    • Delete share link
  • VAS
    • Payment
      • Create a payment
      • Get payment status
    • GiftCode
      • Check gift code
      • Redeem gift code
  • Group
    • List groups
  • WebDAV
    • List accounts
    • Create account
    • Update account
    • Delete account
  • Schemas
    • Response
    • SiteConfig
    • User
    • Group
    • FileViewer
    • PaymentProvider
    • PaymentSetting
    • StorageProduct
    • GroupSKU
    • CaptchaFields
    • Token
    • LoginResponse
    • PermissionSetting
    • Share
    • PaginationResults
    • ListShareResponse
    • TaskListResponse
    • Node
    • TaskResponse
    • Progress
    • ArchiveWorkflowService
    • StoragePolicy
    • Entity
    • ExtendedInfo
    • FolderSummary
    • FileResponse
    • NavigatorProps
    • ListResponse
    • LogEntry
    • Activity
    • FileActivitiesResponse
    • ExplorerView
    • ListViewColumn
    • PinFileService
    • ShareCreateService
    • Payment
    • Passkey
    • DavAccount
    • CreateDavAccountService
    • CustomProps
    • CustomNavItem
    • CustomHTML
    • ArchivedFile
    • ExchangeToken
  1. OAuth

Exchange token

POST
/session/oauth/token
Auth: None
Exchange a token pair with OAuth code.

Request

Authorization
Add the parameter
Authorization
to Headers,whose value is to concatenate the Token after the Bearer.
Example:
Authorization: Bearer ********************
Body Params application/x-www-form-urlencodedRequired

Request Code Samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST '/session/oauth/token' \
--header 'Authorization: Bearer <token>' \
--data-urlencode 'client_id=393a1839-f52e-498e-9972-e77cc2241eee' \
--data-urlencode 'client_secret=' \
--data-urlencode 'grant_type=' \
--data-urlencode 'code=authorization_code' \
--data-urlencode 'code_verifier='

Responses

🟢200Success
application/json
Body

Example
{
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwic3ViIjoibHB1YSIsImV4cCI6MTc0NTY1NDMwOCwibmJmIjoxNzQ1NjUwNzA4fQ.n2z8AY-A9GC-CymOsLSA8ruV3vYgNJd27MXRcm4bVu8",
        "token_type": "Bearer",
        "expires_in": 3600,
        "refresh_token_expires_in": 7776000,
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsInN1YiI6ImxwdWEiLCJleHAiOjE3NjEyMDI3MDgsIm5iZiI6MTc0NTY1MDcwOCwic3RhdGVfaGFzaCI6Ikk1OCtSbmsrTHVpTkxBbjBqek9KNG45OUorV3hqL0pzbjJoRVYrUXBhelE9In0.KoechX6_A2NeVcfFAlHkRLk572hjPKepP0XWfbvBxZY",
        "scope": "openid offline_access File.Read"
}
Modified at 2026-01-31 05:01:47
Previous
Get OAuth app info
Next
Revoke authorization
Built with