POST /v1/auth/token
Exchange Hosted Auth Code
curl --request POST \
  --url https://api.thefaithapp.com/v1/auth/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_key": "<string>",
  "code": "<string>",
  "redirect_uri": "<string>",
  "code_verifier": "<string>"
}
'
{
  "access_token": "<string>",
  "token_type": "<string>",
  "member": {
    "client_id": 123
  }
}
Exchanges the one-time code from your redirect URL for a member bearer token. Use this token with X-API-Key to call protected v1 endpoints.

Example request

curl -X POST https://api.thefaithapp.com/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_key": "your-client-api-key",
    "code": "one-time-code",
    "redirect_uri": "https://example.com/auth/callback"
  }'

Request inputs

  • client_key (string, required): Client key from Settings > Developer Access.
  • code (string, required): One-time code received on your redirect URL after hosted sign-in.
  • redirect_uri (string, required): The same redirect URL used when creating the hosted auth URL.
  • code_verifier (string): Required when the auth flow was started with a PKCE code_challenge.

Response fields

  • access_token (string, required): TheFaithApp member bearer token. Store it securely and use it as Authorization: Bearer ....
  • token_type (string, required): Token type. Currently Bearer.
  • member (object, required): The member record associated with the authenticated user and client key.
  • member.client_id (number, required): The church/client the member belongs to.

Example response

{
  "access_token": "member-bearer-token",
  "token_type": "Bearer",
  "member": {
    "id": 123,
    "name": "Jane Member",
    "email": "jane@example.com",
    "client_id": 45,
    "uuid": "member-user-id"
  }
}

Error responses

  • 400: code is invalid, expired, already used, or the redirect URL does not match.
  • 403: member does not belong to this client.
  • 404: client_key does not match a known client.
  • 422: request validation failed.
Authorization codes are short-lived and can only be exchanged once.
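
The following is an added example, not TheFaithApp's own code, showing the client side of this exchange: generating a PKCE pair, building the request body, and mapping the documented status codes to caller actions. It assumes the S256 challenge method from RFC 7636 and a 2xx success status; the action names and the expected_client_id parameter are hypothetical.

```python
import base64, hashlib, json, secrets
import urllib.error, urllib.request

TOKEN_URL = "https://api.thefaithapp.com/v1/auth/token"  # endpoint from this page

def challenge_for(verifier):
    """S256 code_challenge for a verifier (RFC 7636; S256 support is assumed)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Fresh (code_verifier, code_challenge); keep the verifier private until the exchange."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside RFC 7636's 43..128
    return verifier, challenge_for(verifier)

def build_exchange_body(client_key, code, redirect_uri, code_verifier=None):
    body = {"client_key": client_key, "code": code, "redirect_uri": redirect_uri}
    if code_verifier is not None:  # only for flows started with a code_challenge
        body["code_verifier"] = code_verifier
    return body

# Status codes documented on this page, mapped to hypothetical caller actions.
ERROR_ACTIONS = {
    400: "restart_sign_in",  # code invalid/expired/used: never resend the same code
    403: "deny",             # member does not belong to this client
    404: "fix_client_key",   # client_key does not match a known client
    422: "fix_request",      # request validation failed
}

def parse_token_response(status, raw_body, expected_client_id=None):
    if not 200 <= status < 300:  # assumption: success is a 2xx status
        return {"ok": False, "action": ERROR_ACTIONS.get(status, "unexpected_status")}
    data = json.loads(raw_body)
    member = data.get("member") or {}
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        return {"ok": False, "action": "reject_response"}
    if expected_client_id is not None and member.get("client_id") != expected_client_id:
        return {"ok": False, "action": "deny"}  # member's client differs from the one expected
    return {"ok": True, "access_token": data["access_token"], "member": member}

def exchange_code(body, timeout=10):
    """POST the body once; a code that fails is discarded, not retried."""
    req = urllib.request.Request(TOKEN_URL, data=json.dumps(body).encode("utf-8"),
                                 headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.code, err.read())
```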