> ## Documentation Index
> Fetch the complete documentation index at: https://docs.thanx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Acquire Access Token

> Use this endpoint to acquire a user's access token.

This same endpoint supports refreshing an access token using the `client_id`,
`client_secret`, and `refresh_token`, with `grant_type` set to `refresh_token`.

### Parameters

<ParamField body="grant_type" type="string" required>
  authorization\_code is the required value
</ParamField>

<ParamField body="client_id" type="string" required>
  OAuth Client ID
</ParamField>

<ParamField body="client_secret" type="string" required>
  OAuth Client Secret
</ParamField>

<ParamField body="code" type="string" required>
  The authorization code received from Thanx via redirect or API
</ParamField>

<ParamField body="redirect_uri" type="string" required>
  The same redirect\_uri should be used as in the request for the authorization
  code
</ParamField>

### Response

<ResponseField name="token_type" type="string">
  The type of token, usually "Bearer"
</ResponseField>

<ResponseField name="scope" type="string">
  This will be 'passwordless'
</ResponseField>

<ResponseField name="created_at" type="integer">
  The number of seconds since the epoch
</ResponseField>

<ResponseField name="access_token" type="string">
  The user's access token, for use in accessing other API endpoints
</ResponseField>

<ResponseField name="refresh_token" type="string">
  If needed, a refresh token to get another access token
</ResponseField>

<RequestExample>
  ```bash theme={null}
  curl https://api.thanxsandbox.com/oauth/token \
    -X POST \
    -H "Content-Type: application/json" \
    -d '{
      "grant_type": "authorization_code",
      "client_id": "${client_id}",
      "client_secret": "${client_secret}",
      "code": "${code}",
      "redirect_uri": "https://www.example.com/oauth/callback"
    }'
  ```
</RequestExample>

<ResponseExample>
  ```json Response Example theme={null}
  {
    "token_type": "Bearer",
    "scope": "passwordless",
    "created_at": 1577836800,
    "access_token": "945148251b603ae34561d90acfe4050e67494d6d1e65d4d3d52798407f03c0bd",
    "refresh_token": "c74334301a7c74d21b714c905fd3047177dab56de6a86899e6f6b7f71bab7d55"
  }
  ```

  ```json 401 (Unauthorized) theme={null}
  {
      "error": "invalid_grant",
      "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
  }
  ```
</ResponseExample>
