Obtaining Bearer Tokens

Exchanging response code for access token##

Once you receive a a code from the initial request, you must now exchange the code for an access token which is used in REST API calls.

The response code can be found in the redirect_uri


You will do a POST request to the token endpoint https://launchpad.classlink.com/oauth2/v2/token with the code, client_secret and client_id in the post body.

The client_secret and client_id are assigned to your application in the ClassLink Dev Console.

There are several great REST API clients you can use for testing. For Chrome, the Advanced Rest Client is easy to use.

Firefox has an add-on called REST Client. The RESTClient for Firefox can automatically exchange and embed the token in your REST API calls.



Ensure you use content-type application/x-www-form-urlencoded in your header. Some REST API clients will automatically add this to your header.


The token endpoint will verify your client_id, client_secret, code and then respond with your access_token.

  access_token: "c1447347559609a1421b77d9ae8a0183e3b576680e246a",
  token_type: "Bearer",
  response_type: "code",
  id_token: "..."


Your response code expires in 5 minutes!

Use your response code right away because it will automatically expire after 5 minutes. Access tokens are good for 24 hours.

Open Id Connect

Included in the token response is also an encoded JSON Web Token.
When decoded it contains the claims as described by OpenId Documentation.

  "iss": "https://launchpad.classlink.com",
  "sub": "8708718",
  "aud": "c1587556210325442f066178b254bbc92cdc0e3e35a9c2",
  "nonce": "d5e82df0-21f5-11ec-a04b-552b2c7c7084",
  "exp": 1633096438,
  "iat": 1633010038,
  "auth_time": 1632955569,
  "login_hint": "demoUser",
  "email_verified": true,
  "email": "[email protected]",
  "name": "Demo User",
  "profile": "Teacher",
  "address": {
    "locality": "Tenant Name",
    "region": "New Jersey"
  "given_name": "Demo",
  "family_name": "User"

Now you are ready to access the APIs!