This documentation is clear: http://developers.pinterest.com/api_docs/oauth_code_exchange/
I need the code
for swap it with an access token. But where is the endpoint for access to this code? Tried the "classic" :
https://api.pinterest.com/oauth2/auth?client_id=&redirect_uri=&scope=&response_type=code
but seems 404.
The endpoint for v3 is:
PUT https://api.pinterest.com/v3/oauth/code_exchange/
Example:
curl -X PUT https://api.pinterest.com/v3/oauth/code_exchange/ -d "access_token={access token}&consumer_id={client id}&consumer_secret={client secret}&redirect_uri={redirect uri}&code={code}&grant_type=authorization_code"
What is strange though, is that you have to pass in a valid access token for the endpoint to work or it will return an Unauthenticated error. The access token can be from anyone or any Pinterest app and does not need to be from the authenticating user or the authenticating app, as long as it has not expired.
The easiest way to obtain a valid access token as of now is to log in to the Pinterest for iPhone app here and you will find the token in the URL hash:
https://www.pinterest.com/oauth/?consumer_id=1431594&response_type=token
In talking to the pinterest devs, this looks like the correct approach:
PUT https://api.pinterest.com/v3/oauth/code_exchange/?code={auth_code}&grant_type=authorization_code&client_id={client_id}×tamp={timestamp}&consumer_id={client_id}&redirect_uri={redirect_uri}&oauth_signature={oauth_sig}
I was surprised to see that I would get a 401 when passing the data in the PUT body.