Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mention-me.com/llms.txt

Use this file to discover all available pages before exploring further.

In this guide, we’ll walk you through the process of obtaining an access token. Access tokens are crucial for authorizing your requests to our API. Follow the steps below to seamlessly integrate access token retrieval into your application.
1

Request an access token

Make a POST request to our authorization server using your client credentials. You can read our reference data for the API and try it out via our Auth API Reference.
curl -XPOST https://demo.mention-me.com/api/oauth/token \
    -H 'Content-Type: application/json' \
    -d '{ "client_id": "<client-id>", "client_secret": "<client-secret>", "grant_type": "client_credentials" }'
Replace <client-id> and <client-secret> with your API key’s client ID and secret respectively.
2

Receive the access token

Upon a successful request, the authorization server will respond with a JSON Web Token (JWT) in the access token. Here’s an example response:
{
  "access_token": "<jwt>",
  "expires_in": 3600,
  "token_type": "bearer"
}
  • access_token: The JWT representing your access token
  • token_type: The type of token. In this case, it’s “bearer”
  • expires_in: The expiration time of the access token in seconds (e.g., 3600 seconds equals one hour).

Handling errors

While obtaining an access token, errors may occur due to various reasons. For a detailed explanation of potential errors and their resolutions, refer to our Errors Guide.

JWT explained

Access tokens returned are JSON Web Tokens, or JWTs. JWTs are a standardised way of representing claims between two parties. In this case, the two parties are your application and Mention Me. You can use the debug tool at JWT.io to debug what access a token has. A typical access token will have a payload that looks something like: 
{
  "aud": [
    "project-test-2da703ca-e983-410e-93d0-442bb05b9b06"
  ],
  "claims": {
    "env": "demo",
    "merchantId": "4259"
  },
  "exp": 1706201080,
  "iat": 1706197480,
  "iss": "stytch.com/project-test-2da703ca-e983-410e-93d0-442bb05b9b06",
  "nbf": 1706197480,
  "scope": "customers:list",
  "sub": "m2m-client-test-3191ab24-133b-4634-a02d-0ec6249dd481"
}
The Mention Me specific fields are:
  • claims: This shows what Environment and Merchant a token can be used for
    • env: In this case, we have access to the demo environment
    • merchantId: In this case, this token can be used for Merchant 4259
  • scope: This shows the scopes that the token has access to

Token expiration

Access tokens have a limited lifespan for security reasons. In our case, tokens expire after one hour. It’s essential to implement a mechanism to refresh tokens when they expire, ensuring uninterrupted access to the API.

Next steps

Scopes

Choose the right scope for your application.
Last modified on March 31, 2026