> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fanfare.io/llms.txt
> Use this file to discover all available pages before exploring further.

# POST /auth/external/exchange

> Exchange an external one-time code for a Fanfare consumer session (browser)



## OpenAPI

````yaml /api/openapi/consumer-api.json post /auth/external/exchange
openapi: 3.1.0
info:
  description: Consumer API for Fanfare
  title: Fanfare Consumer API
  version: 1.0.0
servers:
  - description: Production
    url: https://consumer.fanfare.io/api
  - description: Local development
    url: http://localhost:4802
security: []
paths:
  /auth/external/exchange:
    post:
      tags:
        - Auth
      description: >-
        Exchange an external one-time code for a Fanfare consumer session
        (browser)
      operationId: postAuthExternalExchange
      requestBody:
        content:
          application/json:
            schema:
              properties:
                exchangeCode:
                  type: string
              required:
                - exchangeCode
              type: object
      responses:
        '200':
          content:
            application/json:
              schema:
                properties:
                  accessToken:
                    type: string
                  beaconToken:
                    type: string
                  session:
                    properties:
                      consumerId:
                        type: string
                      email:
                        type: string
                      expiresAt:
                        type: string
                      guestId:
                        type: string
                      phone:
                        type: string
                      type:
                        enum:
                          - guest
                          - authenticated
                    required:
                      - type
                      - consumerId
                      - expiresAt
                    type: object
                required:
                  - session
                  - accessToken
                  - beaconToken
                type: object
          description: Session created
        '400':
          content:
            application/json:
              schema:
                properties:
                  error:
                    const: validation_error
                  issues:
                    items:
                      properties:
                        expected:
                          type: string
                        kind:
                          type: string
                        message:
                          type: string
                        path:
                          items:
                            properties:
                              input: {}
                              key:
                                type: string
                              origin:
                                type: string
                              type:
                                type: string
                            required:
                              - type
                              - origin
                              - input
                              - key
                            type: object
                          type: array
                        received:
                          type: string
                        type:
                          type: string
                      required:
                        - kind
                        - type
                        - expected
                        - received
                        - message
                        - path
                      type: object
                    type: array
                required:
                  - error
                  - issues
                type: object
          description: Bad Request - Invalid input schema
        '401':
          content:
            application/json:
              schema:
                properties:
                  error:
                    type: string
                required:
                  - error
                type: object
          description: Unauthorized - Authentication required
        '403':
          content:
            application/json:
              schema:
                properties:
                  error:
                    type: string
                required:
                  - error
                type: object
          description: Forbidden - User must be authenticated
        '500':
          content:
            application/json:
              schema:
                properties:
                  error:
                    type: string
                required:
                  - error
                type: object
          description: Internal server error

````