# Request an Access Token

> Use this endpoint to get an access token for a user or client.

You can only use **one authentication method per request** — pick the one that fits your use case:

- **For users**: Authenticate with `username`, `password`, and `grantType = password`.  
- **For machine-to-machine (M2M)**: Use `clientId`, `clientSecret`, and set `grantType = client_credentials`.



## OpenAPI

````yaml /en/openapi/v3-current/AM-auth.yaml post /v1/login/oauth/access_token
openapi: 3.1.0
info:
  title: Auth Plugin
  description: ''
  version: 2.6.5
servers:
  - url: https://auth.sandbox.lerian.net
security: []
tags:
  - name: Authentication API
  - name: MFA API
  - name: User Information API
  - name: Authorization API
paths:
  /v1/login/oauth/access_token:
    post:
      tags:
        - Authentication API
      summary: Request an Access Token
      description: >-
        Use this endpoint to get an access token for a user or client.


        You can only use **one authentication method per request** — pick the
        one that fits your use case:


        - **For users**: Authenticate with `username`, `password`, and
        `grantType = password`.  

        - **For machine-to-machine (M2M)**: Use `clientId`, `clientSecret`, and
        set `grantType = client_credentials`.
      parameters: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RequestAccessTokenInput'
            examples:
              ClientCredentialsGrant:
                summary: Client Credentials Grant
                description: >-
                  Machine-to-machine (M2M) authentication using client
                  credentials
                value:
                  grantType: client_credentials
                  clientId: ed1c72d366b07b84bd21
                  clientSecret: 81f42de0fbe038f1bfefac55328839c92e1878da
              PasswordGrant:
                summary: Password Grant
                description: User authentication using username and password
                value:
                  grantType: password
                  username: admin
                  password: Lerian@123
      responses:
        '200':
          description: >
            Returns the access credentials on successful authentication.


            If the user has MFA enabled, the response will contain an
            `MFAChallengeResponse` instead, with a temporary `mfaToken` to
            complete the verification flow through the MFA endpoints.
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/OAuth2Token'
                  - $ref: '#/components/schemas/MFAChallengeResponse'
              examples:
                SuccessfulLogin:
                  summary: Successful Login (no MFA)
                  value:
                    accessToken: >-
                      eyJhbGciOiJSUzI1NiIsImtpZCI6ImNlcnQtYnVpbHQtaW4iLCJ0eXAiOiJKV1QifQ...
                    idToken: >-
                      eyJhbGciOiJSUzI1NiIsImtpZCI6ImNlcnQtYnVpbHQtaW4iLCJ0eXAiOiJKV1QifQ...
                    tokenType: Bearer
                    expiresIn: 3600
                    refreshToken: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
                    scope: openid profile email
                MFARequired:
                  summary: MFA Required
                  description: >-
                    Returned when the user has MFA enabled. Use the mfaToken
                    with the MFA verify or challenge endpoints.
                  value:
                    mfaRequired: true
                    mfaToken: eyJhbGciOiJIUzI1NiJ9...
                    availableMethods:
                      - app
                      - email
                    preferredMethod: app
          headers: {}
        '400':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0001:
                  $ref: '#/components/examples/Error0001'
                Error0003:
                  $ref: '#/components/examples/Error0003'
                Error0009:
                  $ref: '#/components/examples/Error0009'
                Error0013:
                  $ref: '#/components/examples/Error0013'
                Error0014:
                  $ref: '#/components/examples/Error0014'
                Error1001:
                  $ref: '#/components/examples/Error1001'
          headers: {}
        '401':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error1002:
                  $ref: '#/components/examples/Error1002'
                Error1004:
                  $ref: '#/components/examples/Error1004'
          headers: {}
        '500':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0005:
                  $ref: '#/components/examples/Error0005'
          headers: {}
      security: []
components:
  schemas:
    RequestAccessTokenInput:
      description: >-
        Information used to request an access token. Use one authentication
        method per request.
      oneOf:
        - $ref: '#/components/schemas/PasswordGrantInput'
        - $ref: '#/components/schemas/ClientCredentialsGrantInput'
      discriminator:
        propertyName: grantType
        mapping:
          password:
            $ref: '#/components/schemas/PasswordGrantInput'
          client_credentials:
            $ref: '#/components/schemas/ClientCredentialsGrantInput'
    OAuth2Token:
      description: >-
        Information used to manage OAuth2 authentication data. It securely
        stores access credentials, ensuring seamless authorization and control
        over protected resources.
      type: object
      required:
        - accessToken
        - tokenType
        - expiresIn
        - refreshToken
      properties:
        accessToken:
          type: string
          description: A temporary token that grants the user secure access to the APIs.
        expiresIn:
          type: integer
          description: The time (in seconds) until the token expires.
        idToken:
          type: string
          description: >-
            The identity details about the authenticated user in OpenID Connect
            standards. It can be used to verify user authentication.
        refreshToken:
          type: string
          description: >-
            A long-lived token that allows users to obtain a new `accessToken`
            without requiring them to log in again.
        scope:
          type: string
          description: The level of access granted to the issued tokens.
        tokenType:
          type: string
          description: The type of token issued.
    MFAChallengeResponse:
      description: >-
        Returned when MFA verification is required after successful credential
        validation. Contains the temporary MFA token and available verification
        methods.
      type: object
      required:
        - mfaRequired
        - mfaToken
        - availableMethods
        - preferredMethod
      properties:
        mfaRequired:
          type: boolean
          description: >-
            Indicates that MFA verification is required to complete
            authentication.
        mfaToken:
          type: string
          description: >-
            Temporary token used to complete the MFA flow. Pass this to the MFA
            verify or challenge endpoints.
        availableMethods:
          type: array
          items:
            type: string
            enum:
              - app
              - email
              - sms
          description: List of MFA methods configured for the user.
        preferredMethod:
          type: string
          enum:
            - app
            - email
            - sms
          description: The user's preferred MFA method.
    ErrorMessage:
      description: The error message returned in the response.
      type: object
      properties:
        code:
          type: string
          description: A unique, stable identifier for the error.
        title:
          type: string
          description: A brief summary of the issue.
        message:
          type: string
          description: Detailed guidance for resolving the error.
    PasswordGrantInput:
      description: Username and password authentication for user login.
      type: object
      required:
        - grantType
        - username
        - password
      properties:
        grantType:
          type: string
          enum:
            - password
          description: Grant type for username and password authentication.
        username:
          type: string
          description: Username for authentication.
        password:
          type: string
          description: Password for authentication.
          format: password
    ClientCredentialsGrantInput:
      description: Client credentials authentication for machine-to-machine (M2M) access.
      type: object
      required:
        - grantType
        - clientId
        - clientSecret
      properties:
        grantType:
          type: string
          enum:
            - client_credentials
          description: Grant type for client credentials authentication.
        clientId:
          type: string
          description: The unique identifier of the client provided by Identity.
        clientSecret:
          type: string
          description: >-
            The secret key associated with the `clientId`, used for secure
            authentication.
          format: password
  examples:
    Error0001:
      summary: Missing Fields in Request
      value:
        code: AUT-0001
        title: Missing Fields in Request
        message: >-
          Your request is missing one or more required fields. Please refer to
          the documentation to ensure all necessary fields are included in your
          request.
    Error0003:
      summary: Unexpected Fields in the Request
      value:
        code: AUT-0003
        title: Unexpected Fields in the Request
        message: >-
          The request body contains more fields than expected. Please send only
          the allowed fields as per the documentation. The unexpected fields are
          listed in the fields object.
    Error0009:
      summary: Bad Request
      value:
        code: AUT-0009
        title: Bad Request
        message: >-
          The server could not understand the request due to malformed syntax.
          Please check the listed fields and try again.
    Error0013:
      summary: Invalid Grant Type
      value:
        code: AUT-0013
        title: Invalid Grant Type
        message: >-
          The provided 'grantType' is not valid. Accepted grant types are
          'password', 'client_credentials', 'refresh_token', or others. Please
          provide a valid type.
    Error0014:
      summary: Grant Type Missing Fields
      value:
        code: AUT-0014
        title: Grant Type Missing Fields
        message: >-
          The provided 'grant_type' is missing required fields. Please refer to
          the documentation for guidance.
    Error1001:
      summary: Unsupported Grant Type
      value:
        code: AUT-1001
        title: Unsupported Grant Type
        message: >-
          The provided 'grantType' is not supported by this application. Please
          refer to the application's supported grant types.
    Error1002:
      summary: Invalid Username or Password
      value:
        code: AUT-1002
        title: Invalid Username or Password
        message: >-
          The provided 'username' or 'password' is incorrect. Please verify the
          credentials and try again.
    Error1004:
      summary: Invalid Client
      value:
        code: AUT-1004
        title: Invalid Client
        message: >-
          The provided 'clientId' or 'clientSecret' is incorrect. Please verify
          the credentials and try again.
    Error0005:
      summary: Internal Server Error
      value:
        code: AUT-0005
        title: Internal Server Error
        message: >-
          The server encountered an unexpected error. Please try again later or
          contact support.

````
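The following is an added example, not part of the Lerian documentation or any Lerian SDK. It enforces the one-method-per-request rule before a body is sent and treats a `200` response as authenticated only when it matches `OAuth2Token`, never when it is an `MFAChallengeResponse`. The function names `build_body` and `classify` and the sample payloads are assumptions constructed for illustration; no network call is made.

```python
import json

GRANT_FIELDS = {  # credential fields each grantType requires, per the schemas above
    "password": {"username", "password"},
    "client_credentials": {"clientId", "clientSecret"},
}
TOKEN_FIELDS = ("accessToken", "tokenType", "expiresIn", "refreshToken")
MFA_FIELDS = ("mfaRequired", "mfaToken", "availableMethods", "preferredMethod")
MFA_METHODS = {"app", "email", "sms"}


def build_body(grant_type, **creds):
    """Serialize a body for exactly one grant; refuse mixed, missing or empty fields."""
    expected = GRANT_FIELDS.get(grant_type)
    if expected is None:
        raise ValueError(f"unsupported grantType: {grant_type!r}")
    if set(creds) != expected or not all(creds.values()):
        raise ValueError(f"{grant_type} takes exactly {sorted(expected)}")
    return json.dumps({"grantType": grant_type, **creds})


def classify(status, raw):
    """Return ('token' | 'mfa' | 'error', payload); only 'token' means logged in."""
    data = json.loads(raw)
    if status != 200:
        return "error", {k: data.get(k) for k in ("code", "title", "message")}
    fields = MFA_FIELDS if data.get("mfaRequired") is True else TOKEN_FIELDS
    missing = [f for f in fields if f not in data]
    if missing:
        raise ValueError(f"response missing required fields: {missing}")
    if fields is MFA_FIELDS:
        if not set(data["availableMethods"]) <= MFA_METHODS:
            raise ValueError("unknown MFA method in response")
        return "mfa", data  # mfaToken is temporary and is not an access token
    return "token", data


# Constructed sample responses (placeholder strings, not real tokens).
SAMPLE_TOKEN = json.dumps({"accessToken": "constructed-access", "tokenType": "Bearer",
                           "expiresIn": 3600, "refreshToken": "constructed-refresh"})
SAMPLE_MFA = json.dumps({"mfaRequired": True, "mfaToken": "constructed-mfa",
                         "availableMethods": ["app", "email"], "preferredMethod": "app"})
SAMPLE_ERROR = json.dumps({"code": "AUT-1002", "title": "Invalid Username or Password"})

if __name__ == "__main__":
    for status, raw in ((200, SAMPLE_TOKEN), (200, SAMPLE_MFA), (401, SAMPLE_ERROR)):
        print(status, classify(status, raw)[0])
```

A caller should gate session creation on the `token` result and route `mfa` results to the MFA verify or challenge endpoints with the returned `mfaToken`.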