# Fetching User Token Using the “state” from step 10, “code verifier” from step 12, and the “authorization code” from step 9, you need to make a network call to Truecaller’s backend so as to fetch the access token : `POST` `https://oauth-account-noneu.truecaller.com/v1/token` **Headers** | Name | Type | Description | | -------------- | --------------------------------- | ----------- | | Content-Type\* | application/x-www-form-urlencoded | | | | String | | **Request Body** | Name | Type | Description | | -------------- | ---------------------------- | -------------------------------------------------------- | | grant\_type | "authorization\_code" | // hardcoded value | | | String | | | client\_id | \ | | | code | \ | Authorisation code from TcOAuthData callback from step 9 | | code\_verifier | \ | From step 12 | 200: OK Success { \ "access\_token": "some-access-token", \ "expires\_in": 3600, \ "token\_type": "Bearer" \ } \ 400: Bad Request - If grant type is not supported\ 403: Forbidden - If client id is invalid\ 500: Internal Server Error - Unexpected error on the server side\ 400: Bad Request - Some of the parameters are empty in the request\ 403: Forbidden Valid grant type but not allowed for the client\ 403: Forbidden Invalid auth code provided\ 403: Forbidden Invalid/expired auth code in provided\ 403: Forbidden Invalid/expired code verifier is provided\ 429: Too Many Requests If the number of requests exceeds the allowed limit\ 503: Service Unavailable Resource unavailable due to server-side issue **Sample cURL request :** ``` curl --location --request POST 'https://oauth-account-noneu.truecaller.com/v1/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'client_id=<>' \ --data-urlencode 'code=<>' \ --data-urlencode 'code_verifier=<>' ```