Get Token: redirect_uri and grant_type are redundant parameters

The parameters for Get Token are thus:

Request Body

| Name | Required | Type | Description |
|---|---|---|---|
| code | true | string | The code is a unique parameter included in the URL upon a successful Authorize API authentication. |
| client_id | true | string | The API key obtained during the app generation process. |
| client_secret | true | string | The API secret obtained during the app generation process. This private key remains confidential, known only to the application and the authorization server. |
| redirect_uri | true | string | The URL provided during app generation. |
| grant_type | true | string | This value must always be authorization_code. |

I generate Get_Token only after authorization, right?

If so, then redirect_URI is redundant.

If grant_type is always authorization_code (invariant), then it's redundant too.

My personal take is that redirect_uri should not get exposed (even with HTTPS and TLS). If it's part of the URL, then there is a high probability of spoofing.

If possible, eliminate the redirect URI from all APIs.

Regards
Rathnadhar K V
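For reference, an added example (not Upstox's code) of how an authorization server consumes the five Get Token parameters from the table above; the registered app, issued code and all values are constructed, and the checks follow RFC 6749 section 4.1.3, where the token endpoint compares redirect_uri with the value used at the Authorize step before it will redeem the code.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample data: what the authorization server stored when the app
# was generated (client_secret, redirect_uri) and when Authorize issued a code.
REGISTERED_APPS = {
    "app-key-123": {
        "client_secret": "app-secret-xyz",
        "redirect_uri": "https://example.test/callback",
    },
}


@dataclass
class IssuedCode:
    client_id: str
    redirect_uri: str  # redirect_uri carried by the Authorize request
    user_id: str
    used: bool = False


ISSUED_CODES = {
    "code-abc": IssuedCode("app-key-123", "https://example.test/callback", "user-1"),
}


def get_token(params: dict) -> dict:
    """Validate a Get Token request body; return a token dict or an error dict.

    The code is bound to the client that requested it and to the redirect_uri
    used at the Authorize step, and each code can be redeemed only once.
    """
    required = ("code", "client_id", "client_secret", "redirect_uri", "grant_type")
    missing = [p for p in required if not params.get(p)]
    if missing:
        return {"error": "invalid_request", "missing": missing}
    if params["grant_type"] != "authorization_code":
        return {"error": "unsupported_grant_type"}

    app = REGISTERED_APPS.get(params["client_id"])
    # Constant-time comparison so a wrong secret leaks no timing information.
    if app is None or not hmac.compare_digest(app["client_secret"], params["client_secret"]):
        return {"error": "invalid_client"}

    issued = ISSUED_CODES.get(params["code"])
    if issued is None or issued.used or issued.client_id != params["client_id"]:
        return {"error": "invalid_grant"}
    # A code presented with a different redirect_uri than the one it was issued
    # for is rejected; this is the check the parameter exists to support.
    if issued.redirect_uri != params["redirect_uri"]:
        return {"error": "invalid_grant", "reason": "redirect_uri mismatch"}

    issued.used = True  # one code, one token
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```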


Correct, redirect_url is already specified during app generation, so why do we need to expose it in the API?

It encourages spoofing… bad implementation by UPSTOX.