# Get access token

Request an access token using the Client Credentials Grant.  
The access token is required for calling all secured APIs.

Endpoint: POST /oauth2/token
Version: 1.0

## Request fields (application/json):

  - `client_id` (string, required)
    The client identifier issued during registration.
    Example: "354z244b-2b83-4721-922b-9f9b4ba13059"

  - `client_secret` (string, required)
    The client secret issued during registration.
    Example: "secret"

  - `grant_type` (string, required)
    Must be `client_credentials` for this flow.
    Example: "client_credentials"

## Response 200 fields (application/json):

  - `access_token` (string, required)
    The JWT access token issued by the server.
    Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."

  - `token_type` (string, required)
    Type of the token issued.
    Example: "Bearer"

  - `expires_in` (integer, required)
    Lifetime of the access token in seconds.
    Example: 3600

  - `scope` (string)
    Granted scopes.
    Example: "read:users write:logs"

## Response 400 fields (application/json):

  - `error` (string, required)
    Error type identifier.
    Example: "invalid_client"

  - `error_description` (string, required)
    Human-readable error explanation.
    Example: "Client authentication failed"

## Response 5XX fields (application/json):

  - `code` (number, required)
    Example: 503

  - `timestamp` (string, required)
    Example: "2025-07-11T06:51:25.202Z"

  - `path` (string, required)
    Example: "/oauth2/token"

  - `method` (string, required)
    Example: "POST"

  - `error` (string, required)
    Example: "INTERNAL_SERVER_ERROR"

  - `message` (string, required)
    Example: "Internal Server Error"
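
The following is an added example, not part of the original reference or the API provider's code. It builds the JSON request body and handles the three documented response shapes, turning `expires_in` into an absolute expiry. The function and class names, the 30-second skew margin, the choice to treat 5XX as retryable and the sample bodies are assumptions constructed for illustration.

```python
import json
import time
from dataclasses import dataclass

class TokenError(Exception):
    """Raised for non-200 responses; built only from response fields, never the secret."""
    def __init__(self, status, kind, detail, retryable):
        super().__init__(f"{status} {kind}: {detail}")
        self.status, self.kind, self.retryable = status, kind, retryable

@dataclass(frozen=True)
class Token:
    value: str
    scopes: frozenset
    expires_at: float  # absolute epoch seconds, derived from expires_in

    def usable(self, now, skew=30):
        # Treat the token as expired `skew` seconds early (assumed margin for clock drift).
        return now < self.expires_at - skew

def build_request_body(client_id, client_secret):
    # The endpoint is documented as application/json, not a form-encoded body.
    return json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials"})

def parse_response(status, body, now):
    data = json.loads(body)
    if status == 200:
        if data["token_type"].lower() != "bearer":
            raise TokenError(status, "unexpected_token_type", data["token_type"], False)
        # `scope` is optional in the 200 response, so default to no scopes.
        return Token(data["access_token"], frozenset(data.get("scope", "").split()),
                     now + int(data["expires_in"]))
    if status == 400:  # error body: error + error_description
        raise TokenError(status, data["error"], data["error_description"], False)
    if 500 <= status <= 599:  # error body: code/timestamp/path/method/error/message
        raise TokenError(status, data["error"], data["message"], True)  # assumed retryable
    raise TokenError(status, "unexpected_status", "", False)

# Constructed sample responses shaped like the field lists above.
OK = ('{"access_token":"eyJ.constructed.token","token_type":"Bearer",'
      '"expires_in":3600,"scope":"read:users write:logs"}')
BAD = '{"error":"invalid_client","error_description":"Client authentication failed"}'
DOWN = ('{"code":503,"timestamp":"2025-07-11T06:51:25.202Z","path":"/oauth2/token",'
        '"method":"POST","error":"INTERNAL_SERVER_ERROR","message":"Internal Server Error"}')

if __name__ == "__main__":
    tok = parse_response(200, OK, time.time())
    print(sorted(tok.scopes), tok.usable(time.time()))
```

Caching the returned `Token` and checking `usable()` before each API call avoids re-sending the client secret on every request.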


