Documentation

Tutorial: Authenticate App User with Pandora

2. Get access token

Now that you have the authorization code, you can use this to get your access token.  

Do a POST request to https://www.pandora.com/oauth/v1/token, with the content type application/x-www-form-urlencoded and the values.

Parameter Description Type Example Required
grant_type authorization_code indicating that we are using the authorization code grant type string "authorization_code"  Yes
redirect_uri The same redirect URI the user was redirected to during the authorization step string "http://www.mysite.com/callback"  Yes
code The authorization code received from the authorization step string "APQBvb9xwom1IkRTg7pGiAE" Yes

Additionally, the client must include a basic authentication header:

Authorization: Basic Base64Encode(client_id:client_secret)

You can use this curl command to test:



curl 'https://www.pandora.com/oauth/v1/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic ' \
  -d grant_type=authorization_code \
  -d redirect_uri="" \
  -d code=

If everything is valid, the response is a JSON object that contains the following:

Parameter Description Type Example
access_token The access token that can be used to access a Pandora protected resource. This token expires and the refresh token can be used to get a new access_token. string "eyJ6aXAiOiJERU
YiLCJraWQiOiJlb
mMxNTEzNzgzO
TU4IiwiY3R5IjoiSl
...
hExXkolqVB4y5
yOk.B7eRL3XpB
wKtpcc9rgVjJQ"
refresh_token A token that can be used at the refresh endpoint to fetch a fresh access_token. string "eyJ6aXAiOiJERU
YiLCJraWQiOiJlb
mMxNTEzNzgzO
TU4IiwiY3R5IjoiSl
...
hExXkolqVB4y5
yOk.B7eRL3XpB
wKtpcc9rgVjJQ"
expires_in The time in seconds that the access token is valid for (the refresh_token does not expire). After expiry, use the refresh_token to get a new access_token. number 14400
token_type Type of the token, typically "Bearer". string "Bearer"

Example response:



{ 
   "access_token":"eyJ6aXAiOiJERUYiLCJraWQiOi_bs8i2XKP7PM9uwHUKWgEj._TFVXhdZYGW0eY89TtBZGw",
   "token_type":"Bearer",
   "refresh_token":"eyJ6aXAiOiJERUYiL`rizKC5Yew38_u7y_mGiNspC8VsMn6x0xs.FeD5jJc9VHhX_FhVKlk9zw",
   "expires_in":14400
}