Skip to main content
GET
/
.well-known
/
oauth-authorization-server
curl 'https://api.resend.com/.well-known/oauth-authorization-server'
{
  "issuer": "https://api.resend.com",
  "authorization_endpoint": "https://api.resend.com/oauth/authorize",
  "token_endpoint": "https://api.resend.com/oauth/token",
  "jwks_uri": "https://api.resend.com/.well-known/jwks.json",
  "registration_endpoint": "https://api.resend.com/oauth/register",
  "revocation_endpoint": "https://api.resend.com/oauth/revoke",
  "scopes_supported": ["full_access", "emails:send"],
  "response_types_supported": ["code"],
  "response_modes_supported": ["query"],
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["none"],
  "code_challenge_methods_supported": ["S256"]
}
RFC 8414 metadata. Clients can discover this URL from the protected-resource metadata’s authorization_servers field, then use it to find the OAuth endpoints instead of hardcoding them.
curl 'https://api.resend.com/.well-known/oauth-authorization-server'
{
  "issuer": "https://api.resend.com",
  "authorization_endpoint": "https://api.resend.com/oauth/authorize",
  "token_endpoint": "https://api.resend.com/oauth/token",
  "jwks_uri": "https://api.resend.com/.well-known/jwks.json",
  "registration_endpoint": "https://api.resend.com/oauth/register",
  "revocation_endpoint": "https://api.resend.com/oauth/revoke",
  "scopes_supported": ["full_access", "emails:send"],
  "response_types_supported": ["code"],
  "response_modes_supported": ["query"],
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["none"],
  "code_challenge_methods_supported": ["S256"]
}
Response is cached for 300 seconds (Cache-Control: public, max-age=300).