REST APIV1OAuth
Token
OAuth 2.0 token endpoint. Exchanges an authorization code, client credentials, or refresh token for an access token.
Authorization
BearerToken AuthorizationBearer <token>
Pass an OAuth access token or an API token from Settings > MCP Server.
In: header
Request Body
application/x-www-form-urlencoded
grant_type*string
Value in
"authorization_code" | "client_credentials" | "refresh_token"client_id?|
client_secret?|
code?|
redirect_uri?|
code_verifier?|
org_id?|
user_id?|
refresh_token?|
Response Body
application/json
application/json
curl -X POST "https://api.poggio.io/v1/oauth/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d 'grant_type=authorization_code'{
"access_token": "string",
"token_type": "string",
"refresh_token": "string",
"expires_in": 0,
"scope": "string"
}{
"detail": [
{
"loc": [
"string"
],
"msg": "string",
"type": "string"
}
]
}Register Client
OAuth 2.0 Dynamic Client Registration endpoint (RFC 7591). Allows clients to dynamically register without prior authentication.
Chat
Send a message to Poggio and receive a response. This endpoint allows external API clients to interact with Poggio's superagent. The org_id is inferred from the OAuth bearer token. Requires an OAuth bearer token with valid org_id and orig_user_id claims. The token must have the poggio:api:write scope for POST requests.