Token Endpoint (OAuth 2.1)
Exchanges an authorization code (with PKCE `code_verifier`) for an access + refresh token pair, or rotates a refresh token. Accepts `application/x-www-form-urlencoded` per the OAuth spec. Access tokens are opaque (`vennio_at_...`, 1-hour TTL); refresh tokens (`vennio_rt_...`, 30-day TTL) are single-use and rotated on redemption.
Auth required: No
grant_type: string (required)code: stringredirect_uri: stringclient_id: stringcode_verifier: stringrefresh_token: string200: Token response400: OAuth error body (`invalid_grant`, `invalid_request`, `invalid_client`)This endpoint does not require authentication.
Base URL: https://api.vennio.app