Access Tokens

The Access Tokens API allows you to create access tokens for API requests.

Create an access token

Creates an access token for your Access Gateway. Use the access token to authenticate API requests. Authentication is performed using a signed JWT assertion in the client_assertion parameter of the request body, not through HTTP headers.

This endpoint only supports the OAuth 2.0 client credentials grant type. It returns access tokens based on the request parameters. You're not able to use any other OAuth 2.0 grant types, such as password or refresh_token, with this endpoint.

Request
Request Body schema: application/x-www-form-urlencoded (required)

client_assertion (string)
Signed JWT token

client_assertion_type (string)
Specifies the format and type of the client assertion being sent for authentication
Value: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

grant_type (string)
Determines the mechanism Okta uses to authorize the creation of the tokens
Value: "client_credentials"

scope (string)
Space-separated list of scopes
Enum: "okta.oag.idp.read" "okta.oag.idp.manage" "okta.oag.app.read" "okta.oag.app.manage" "okta.oag.cert.read"

Responses
200: Success
400: Bad Request

POST /api/v2/oauth/token
Request samples
application/x-www-form-urlencoded
grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=%3Cjwt_Token%3E&scope=okta.oag.idp.read%20okta.oag.app.read
Response samples
application/json
{
  "access_token": "<jwt_token>",
  "token_type": "Bearer",
  "expires_in": 300,
  "scope": "okta.oag.idp.read okta.oag.app.read"
}
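
The request and response above, as an added client-side example (not Okta's code): it builds the form body with the assertion in the body rather than a header, rejects scopes outside the documented enum, and checks the response before the token is used. The function names `build_token_request` and `parse_token_response` are hypothetical, the signed JWT is assumed to be produced elsewhere, and rejecting a token that carries scopes you did not request is a client policy assumed here, not something the page specifies.

```python
import json
import time
from urllib.parse import quote, urlencode

# Values taken from the request schema on this page.
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
ALLOWED_SCOPES = {
    "okta.oag.idp.read", "okta.oag.idp.manage", "okta.oag.app.read",
    "okta.oag.app.manage", "okta.oag.cert.read",
}

def build_token_request(client_assertion, scopes):
    """Return the form-encoded body for POST /api/v2/oauth/token."""
    if not client_assertion:
        raise ValueError("client_assertion (signed JWT) is required")
    if not scopes:
        raise ValueError("request at least one scope")
    unknown = [s for s in scopes if s not in ALLOWED_SCOPES]
    if unknown:
        raise ValueError(f"scopes not in the documented enum: {unknown}")
    fields = [
        ("grant_type", "client_credentials"),
        ("client_assertion_type", ASSERTION_TYPE),
        ("client_assertion", client_assertion),
        ("scope", " ".join(dict.fromkeys(scopes))),  # de-duplicate, keep order
    ]
    return urlencode(fields, quote_via=quote)  # spaces become %20, as in the sample

def parse_token_response(raw_json, requested_scopes, now=None):
    """Validate a 200 response; return (token, granted scopes, expiry time)."""
    data = json.loads(raw_json)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token, lifetime = data.get("access_token"), data.get("expires_in")
    if not token or not isinstance(lifetime, int) or lifetime <= 0:
        raise ValueError("missing access_token or invalid expires_in")
    granted = set(str(data.get("scope", "")).split())
    extra = granted - set(requested_scopes)
    if extra:  # assumed client policy: never accept more than was asked for
        raise ValueError(f"token carries scopes that were not requested: {extra}")
    now = time.time() if now is None else now
    return token, granted, now + lifetime  # discard the token at this time
```

Send the returned body with `Content-Type: application/x-www-form-urlencoded`, and keep the assertion and the access token out of logs.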