# Obtain access token

Operation returns the OAuth2 token that can be used in API calls

Endpoint: POST /oauth/v3/token
Version: v3

## Request fields (application/x-www-form-urlencoded):

  - `grant_type` (string, required)
    OAuth2 grant type
    Example: "client_credentials"

  - `client_id` (string, required)
    Client identifier
    Example: "my-client-id"

  - `client_secret` (string, required)
    Client secret
    Example: "my-client-secret"

  - `scope` (string)
    Space-delimited subset of the originally granted scopes. Allows the client to request a narrower set of permissions for the issued access token. If omitted, all originally authorized scopes apply.
    Example: "organization:groups:read organization:groups:create"

## Response 200 fields (application/json):

  - `access_token` (string, required)
    The access token
    Example: "eyJhbGciOiJSUzI1NiJ9..."

  - `token_type` (string, required)
    Token type
    Example: "Bearer"

  - `expires_in` (integer, required)
    Token validity in seconds
    Example: 3600

  - `scope` (string, required)
    Granted scope
    Example: "organization:groups:read organization:groups:create"

## Response 400 fields (application/json):

  - `error` (string)
    An error code defined in RFC 6749 or other extensions
    Example: "invalid_client"

  - `error_description` (string)
    A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error.
    Example: "Client not found: my-client-id"