Create a token

Exchange an authorization code for an access and refresh token

curl --request POST \
  --url https://api.notion.com/v1/oauth/token \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'Notion-Version: <notion-version>' \
  --data '
{
  "grant_type": "authorization_code",
  "code": "<string>",
  "redirect_uri": "<string>",
  "external_account": {
    "key": "<string>",
    "name": "<string>"
  }
}
'

{
  "object": "<unknown>",
  "message": "<string>",
  "code": "invalid_request",
  "status": "<unknown>",
  "additional_data": {}
}

POST

oauth

token

Exchange an authorization code for an access and refresh token

curl --request POST \
  --url https://api.notion.com/v1/oauth/token \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'Notion-Version: <notion-version>' \
  --data '
{
  "grant_type": "authorization_code",
  "code": "<string>",
  "redirect_uri": "<string>",
  "external_account": {
    "key": "<string>",
    "name": "<string>"
  }
}
'

{
  "object": "<unknown>",
  "message": "<string>",
  "code": "invalid_request",
  "status": "<unknown>",
  "additional_data": {}
}

For step-by-step instructions on how to use this endpoint to create a public integration, check out the Authorization guide. To walkthrough how to create tokens for Link Previews, refer to the Link Previews guide.

Redirect URI requirements for public integrationsThe redirect_uri is a required field in the request body for this endpoint if:

the redirect_uri query parameter was set in the Authorization URL provided to users, or;
there are more than one redirect_uris included in the integration’s settings under OAuth Domain & URIs.

In most cases, the redirect_uri field is required.This field is not allowed in the request body if:

there is one redirect_uri included in the integration’s settings under OAuth Domain & URIs, and the redirect_uri query parameter was not included in the Authorization URL.

Learn more in the public integration section of the Authorization Guide.Note: Each Public API endpoint can return several possible error codes. To see a full description of each type of error code, see the Error codes section of the Status codes documentation.

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Headers

Notion-Version

enum<string>

required

The API version to use for this request. The latest version is 2025-09-03.

Available options:

2025-09-03

Body

application/json

Option 1
Option 2

grant_type

enum<string>

required

Available options:

authorization_code

code

string

required

redirect_uri

string

external_account

object

Show child attributes

Response

object

any

required

message

string

required

code

enum<string>

required

Available options:

invalid_request,

invalid_grant,

unauthorized_client,

unsupported_grant_type,

invalid_scope

status

any

required

additional_data

object

Show child attributes

Authentication

Introspect a token

⌘I

Notion API

Objects

Endpoints

Authorizations

Headers

Body

Response