> ## Documentation Index
> Fetch the complete documentation index at: https://docs.harmonyforstaffing.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Access Token

> Exchange authorization code or client credentials for tokens

This endpoint supports multiple OAuth 2.0 flows:

1. **Authorization Code Grant** - Exchange an authorization code for tokens
2. **Client Credentials Grant** - Machine-to-machine API access
3. **Refresh Token Grant** - Get new tokens using a refresh token

### Body Parameters

<ParamField body="grant_type" type="string" required>
  One of: "authorization\_code", "client\_credentials", or "refresh\_token"
</ParamField>

<ParamField body="client_id" type="string" required>
  Your application's client ID
</ParamField>

<ParamField body="client_secret" type="string" required>
  Your application's client secret
</ParamField>

### Authorization Code Grant

<ParamField body="code" type="string" required>
  The authorization code received from the authorize endpoint
</ParamField>

<ParamField body="redirect_uri" type="string" required>
  Must match the original redirect URI used in the authorize request
</ParamField>

### Client Credentials Grant

<ParamField body="scope" type="string">
  Space-separated list of requested scopes (defaults to client's allowed scopes)
</ParamField>

### Refresh Token Grant

<ParamField body="refresh_token" type="string" required>
  The refresh token previously obtained
</ParamField>

### Response

```json theme={null}
{
  "access_token": "eyJhbGciOiJIUz...",          // JWT token
  "token_type": "bearer",
  "expires_in": 86400,                          // Seconds until expiration
  "refresh_token": "def50200641f3e...",         // Only for authorization_code and refresh_token grants
  "scope": "read write"                         // Space-separated scopes
}
```

<RequestExample>
  ```bash Authorization Code Exchange theme={null}
  curl --request POST \
    --url "https://api.harmonyforstaffing.com/oauth/token" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=authorization_code" \
    --data-urlencode "code=abc123" \
    --data-urlencode "client_id=your_client_id" \
    --data-urlencode "client_secret=your_client_secret" \
    --data-urlencode "redirect_uri=https://your-app.com/callback"
  ```

  ```bash Client Credentials Grant theme={null}
  curl --request POST \
    --url "https://api.harmonyforstaffing.com/oauth/token" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "client_id=your_client_id" \
    --data-urlencode "client_secret=your_client_secret" \
    --data-urlencode "scope=read write"
  ```
</RequestExample>

### Error Responses