Exchange a valid bearer token for an authenticated browser session

This endpoint takes an authentication bearer token in the header, or as the query parameter “access_token”. However, for security purposes, it is recommended that the token is passed in by using the POST API call.

It uses “scoped=true” as a query parameter optionally. When “scoped=true” is given, the cookie created is be used to login to app scoped application. If “scoped=true” is not given, the cookie created is used to login to non-app scoped application.

It uses “redirect_url” as a query parameter as optionally. When “redirect_url” is given, the call will redirect to the redirect URL with the authenticated session.