Podio API Documentation

OAuth authorization: Get access token

POST /oauth/token

Gets a new access token for use when accessing the API.

Podio supports 4 ways of obtaining an access token:

  • password: Use the end user's mail and password to access the API. This is only valid for trusted clients.
  • authorization_code: Use the authorization code obtained from step one of the authorization (see the area for more information)
  • refresh_token: Use the refresh token obtained previously from one of the above methods.
  • app: Log in as an app with the id of the app and the app's login token.

This operation can return a wide variety of error codes. For details see the OAuth 2 specification.

Ruby Gem
Podio::OAuth.get_access_token( attributes )

The id of the app to login as, if using "app" grant type


The token of the app, gotten from the app configuration, if using "app" grant type


The key of the API client


The secret of the client. This will be generated by Podio and can be acquired in the API key area in Podio.


The authorization code if using "authorization_code" grant type 


The type of the grant, can be either "password", "authorization_code", "refresh_token" or "app"


The password of the end-user if using "password" grant type


The redirect URL requested by the client if any. This has to match the domain associated with the client.


The refresh token acquired from an earlier create token request, if using "refresh_token" grant type


The mail of the end-user if using "password" grant type

Response {
  "access_token": The created access token. This is currently 128 characters long,
  "token_type": The type of token, currently always "bearer",
  "expires_in": The number of seconds until the access token expires and cannot be used anymore,
  "refresh_token": The refresh token to use when a new access token is required because the access token expires,
  "ref": The reference to the entity logged in, {
    "type": The type of the entity, either "user" or "app",
    "id": The id of the entity, f.ex. the user id
  }
}
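
The following Ruby example is added here and is not code from Podio or its gem. It builds the POST /oauth/token body for each of the four grant types, redacts secrets before logging, and checks the documented response fields. The parameter names (grant_type, client_id, client_secret, username, password, code, redirect_uri, refresh_token, app_id, app_token) and all sample values are assumptions, since the names do not appear on this page.

```ruby
require "json"
require "uri"

# Parameters each grant type needs, per the descriptions on this page. The
# parameter names are assumptions: OAuth 2 names plus app_id / app_token.
GRANT_PARAMS = {
  "password"           => %w[username password],
  "authorization_code" => %w[code],
  "refresh_token"      => %w[refresh_token],
  "app"                => %w[app_id app_token]
}.freeze
SECRET_PARAMS = %w[client_secret password app_token refresh_token code].freeze

# Form-encoded body for POST /oauth/token. Rejects unknown grant types and
# missing or unrelated parameters, so credentials for one grant are never
# sent along with another. redirect_uri is optional for every grant.
def token_request_body(grant_type, client_id:, client_secret:, **params)
  required = GRANT_PARAMS.fetch(grant_type) { raise ArgumentError, "unknown grant type: #{grant_type}" }
  given = params.transform_keys(&:to_s)
  missing = required - given.keys
  raise ArgumentError, "missing: #{missing.join(', ')}" unless missing.empty?
  extra = given.keys - required - ["redirect_uri"]
  raise ArgumentError, "not used by #{grant_type}: #{extra.join(', ')}" unless extra.empty?
  URI.encode_www_form({ "grant_type" => grant_type, "client_id" => client_id,
                        "client_secret" => client_secret }.merge(given))
end

# Copy of a request body that is safe to write to logs.
def redact(body)
  pairs = URI.decode_www_form(body).map { |k, v| [k, SECRET_PARAMS.include?(k) ? "REDACTED" : v] }
  URI.encode_www_form(pairs)
end

# Checks the response fields documented above and converts expires_in into an
# absolute expiry time, so the caller knows when to use the refresh token.
def parse_token_response(json, now: Time.now)
  data = JSON.parse(json)
  %w[access_token token_type expires_in refresh_token ref].each do |key|
    raise ArgumentError, "response is missing #{key}" unless data.key?(key)
  end
  raise ArgumentError, "unexpected token_type" unless data["token_type"].to_s.casecmp?("bearer")
  raise ArgumentError, "unexpected ref type" unless %w[user app].include?(data.dig("ref", "type"))
  data.merge("expires_at" => now + Integer(data["expires_in"]))
end

# Constructed sample values, not real credentials.
body = token_request_body("app", client_id: "demo-client", client_secret: "demo-secret",
                          app_id: "1234", app_token: "demo-app-token")
puts redact(body)
```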


