Regarding the docu (https://developers.miro.com/reference#authorization-and-authentication), the endpoint to trigger the oauth flow is “https://miro.com/oauth/authorize” whereas the code exchange endpoint is “https://api.miro.com/v1/oauth/token”. The API calls itself are as well “https://api.miro.com/v1/boards/id”.
This is unexpected and not overly nice when writing integration code.
It would be better if you the /authorize endpoint would be consistent => https://api.miro.com/v1/oauth/authorize
