Access Token

Access tokens allow apps to make requests to Arena on the behalf of a user. Each access token is unique to the user and application ID. Access tokens do not expire, but they may be revoked by the user.

There are two flows for authenticating a user and obtaining an access token: code and token, which are generally used by web and client apps, respectively.

Requesting authorization

To request the authorization token, you should redirect users to the authorize endpoint:

If the user authorizes the your application they will be redirected back to


Requesting the access token

To request the access token, you should use the returned code and exchange it for a access token. To do that you can use any HTTP client.



The response will be in JSON

   "access_token": "ACCESS_TOKEN",
   "token_type": "bearer",
   "expires_in": null

You can now make authenticated requests to the API signed with this access token.