> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mention-me.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting an access token

> Get an access token using your API key to make authenticated requests to the API.

In this guide, we'll walk you through the process of obtaining an access token. Access tokens are crucial for authorizing your requests to our API.

Follow the steps below to seamlessly integrate access token retrieval into your application.

<Steps>
  <Step title="Request an access token">
    Make a `POST` request to our authorization server using your client credentials. You can read our reference data for the API and try it out via our [Auth API Reference](/api-reference/authentication/overview).

    <CodeGroup>
      ```bash bash theme={null}
      curl -XPOST https://demo.mention-me.com/api/oauth/token \
          -H 'Content-Type: application/json' \
          -d '{ "client_id": "<client-id>", "client_secret": "<client-secret>", "grant_type": "client_credentials" }'
      ```
    </CodeGroup>

    Replace `<client-id>` and `<client-secret>` with your API key's client ID and secret respectively.
  </Step>

  <Step title="Receive the access token">
    Upon a successful request, the authorization server will respond with a JSON Web Token (JWT) in the access token. Here's an example response:

    <CodeGroup>
      ```bash bash theme={null}
      {
        "access_token": "<jwt>",
        "expires_in": 3600,
        "token_type": "bearer"
      }
      ```
    </CodeGroup>

    * **access\_token**: The JWT representing your access token
    * **token\_type**: The type of token. In this case, it's "bearer"
    * **expires\_in**: The expiration time of the access token in seconds (e.g., 3600 seconds equals one hour).
  </Step>
</Steps>

## Handling errors

While obtaining an access token, errors may occur due to various reasons. For a detailed explanation of potential errors and their resolutions, refer to our [Errors Guide](/api-reference/getting-started/errors).

## JWT explained

Access tokens returned are [JSON Web Tokens](https://jwt.io/introduction), or JWTs. JWTs are a standardised way of representing claims between two parties. In this case, the two parties are your application and Mention Me.

You can use the debug tool at [JWT.io](https://jwt.io/) to debug what access a token has.

A typical access token will have a payload that looks something like:

<CodeGroup>
  ```bash bash theme={null}
  {
    "aud": [
      "project-test-2da703ca-e983-410e-93d0-442bb05b9b06"
    ],
    "claims": {
      "env": "demo",
      "merchantId": "4259"
    },
    "exp": 1706201080,
    "iat": 1706197480,
    "iss": "stytch.com/project-test-2da703ca-e983-410e-93d0-442bb05b9b06",
    "nbf": 1706197480,
    "scope": "customers:list",
    "sub": "m2m-client-test-3191ab24-133b-4634-a02d-0ec6249dd481"
  }
  ```
</CodeGroup>

The Mention Me specific fields are:

* **claims**: This shows what Environment and Merchant a token can be used for
  * **env**: In this case, we have access to the demo environment
  * **merchantId**: In this case, this token can be used for Merchant 4259

* **scope**: This shows the [scopes](/api-reference/authentication/scopes) that the token has access to

## Token expiration

Access tokens have a limited lifespan for security reasons. In our case, tokens expire after **one hour**. It's essential to implement a mechanism to refresh tokens when they expire, ensuring uninterrupted access to the API.

## Next steps

<Card title="Scopes" icon="shield-halved" href="/api-reference/authentication/scopes">
  Choose the right scope for your application.
</Card>