# Generate Access Token API

This API is used to generate an access token using the client secret created from the CFC settings page. The generated access token can then be used to access the protected business resource APIs.

{% hint style="warning" %}
**Rate limiting**

This API is rate limited to a maximum of 288 requests per day per API client secret. This means that you can make up to 288 requests to the API in a 24-hour period using a single API client secret. If you exceed this limit, you will receive HTTP status code `429 Too Many Requests` error.

The rate limit is reset every day at midnight UTC. This means that if you make your 288th request at 11:59 PM UTC, you will be able to make another request at 12:00 AM UTC.

To avoid hitting the rate limit, use caching to share the access token across multiple requests until the expiry datetime. This will help you to save requests and stay within the rate limit.
{% endhint %}

### Request Method

GET

### Request URL

```
{{BASE_URL}}/integration/v1/authz/token
```

{% hint style="info" %}
Replace the `{{BASE_URL}}` with the one mentioned [here for India](https://docs.cleartax.in/cleartax-docs/clear-finance-cloud/cfc-api-reference/..#1.-api-urls-to-be-used-whitelisted) (or [here for KSA](https://docs.cleartax.in/cleartax-docs/e-invoicing-ksa-api/e-invoicing-ksa-api-reference)) based on whether you are using sandbox or production.
{% endhint %}

### Request Headers

<table><thead><tr><th width="183">Parameter</th><th width="129">Data Type</th><th>Field Validations</th><th>Description</th></tr></thead><tbody><tr><td>x-clear-client-secret</td><td>String</td><td>Cannot be empty.</td><td>Mandatory. API Client secret generated from Clear UI. <a href="../../learn-clear-finance-cloud-basics/api-client#what-is-a-client-secret">Learn more</a></td></tr></tbody></table>

### Request Path Params

There are no path parameters for this API.

### Request Query Params

There are no query parameters for this API.

### Request Body

There is no request body for this API.

### Sample Request

{% code overflow="wrap" %}

```bash
curl --location --request GET 'https://api-sandbox.clear.in/integration/v1/authz/token' \
--header 'x-clear-client-secret: 3eboH/vsr2VpGNFqDSXzVs0yNj0fMDJToPjs71V3WATqLtmzf9kyNBZ24mCNRJsDj2tEe72PxFDOPccR579w=='
```

{% endcode %}

### Response Status Codes

<table><thead><tr><th width="192">HTTP Status Code</th><th>Description</th></tr></thead><tbody><tr><td>200</td><td>For a successfully processed request.</td></tr><tr><td>401</td><td>If the user is not authenticated for the operation.</td></tr><tr><td>500</td><td>If there are any unhandled exceptions on Clear side.</td></tr></tbody></table>

### Response Schema

<table><thead><tr><th width="164">Parameter</th><th width="106">Data Type</th><th width="109">Field Constraints</th><th>Description</th></tr></thead><tbody><tr><td>access_token</td><td>String</td><td>MaxLength: 256</td><td>Access token generated by Clear. If there is an error, then this field will not be returned.</td></tr><tr><td>valid_till</td><td>String</td><td><p>Format: ISO 8601.</p><p><br>YYYY-MM-DDTHH:MM:SS+00:00</p></td><td>Timestamp up to which the access token will be valid in UTC (GMT time zone). This period will be based on the expiration field set at the time of creation of API Client. If it was set as “Never expires”, then this value will be null. If there is an error, then this field will not be returned.</td></tr><tr><td>errors</td><td>Array</td><td>NA</td><td>Array of Error Details Objects. If there are no errors, this field will not be returned.</td></tr></tbody></table>

#### Error Details Object

<table><thead><tr><th width="173">Parameter</th><th width="113">Data Type</th><th width="130">Field Constraints</th><th>Description</th></tr></thead><tbody><tr><td>error_code</td><td>String</td><td>NA</td><td>Error code based on the rule or precondition that failed.</td></tr><tr><td>error_message</td><td>String</td><td>NA</td><td>Detailed error description.</td></tr><tr><td>error_source</td><td>String</td><td>NA</td><td>Source of the error. This will always be “CLEAR”.</td></tr><tr><td>error_id</td><td>String</td><td>NA</td><td>Unique ID of the error generated by Clear for unhandled errors and exceptions. If present, this ID may be quoted while raising a support case.</td></tr></tbody></table>

{% hint style="danger" %}

### Be wary of duplicate or premature requests!

If you already have an access token which is not expired, and you make an API request to this endpoint from the same client secret, then you will receive a new access token and the existing access token will be revoked.
{% endhint %}

### Sample Response

**Success - HTTP Status Code - 200**

{% code overflow="wrap" lineNumbers="true" %}

```json
{
  “access_token”: “1.2f205010-b96c-84ar-9dcd-5524c42eb99e_4d05f5b02559a70d65c958d15e1747b5c17512edf65a4b70d794a86bc77d9855”,
  “valid_till”: “2023-04-11T20:21:24+00:00”
}
```

{% endcode %}

**Failure - HTTP Status Code - 401**

If the client secret header key is missing OR If the client secret header value is null.

{% code lineNumbers="true" %}

```json
{
  "errors": [
    {
      "error_code": "CLI-SEC-001",
      "error_message": "Client secret header is missing or value is empty.",
      "error_source": "CLEAR",
      “error_id”: null
    }
  ]
}
```

{% endcode %}

**Failure - HTTP Status Code - 401**

If the client secret header value is incomplete, incorrect or invalid OR If the API client is deleted.

{% code lineNumbers="true" %}

```json
{
  "errors": [
    {
      "error_code": "CLI-SEC-002",
      "error_message": "Invalid or inactive client secret.",
      "error_source": "CLEAR",
      “error_id”: null
    }
  ]
}
```

{% endcode %}

**Failure - HTTP Status Code - 401**

If the client IP address is not within the whitelisted range.

{% code lineNumbers="true" %}

```json
{
  "errors": [
    {
      "error_code": "CLI-SEC-003",
      "error_message": "API Client IP is not within the allowed IP range.",
      "error_source": "CLEAR",
      “error_id”: null
    }
  ]
}
```

{% endcode %}

### API Validations

There are no validations other than authentication in this API.

### API Constraints

1. This API needs to be authenticated with a valid client secret. If the client secret is missing, null, empty, invalid, incomplete or incorrect, the API will return HTTP Status Code 401.
2. If the request is made from an IP address not in the range of allowed IPs set at the time of creation of the API client, then API will return HTTP Status Code 401.
3. This API is rate limited to a maximum of 288 requests per day per API client secret. This means that you can make up to 288 requests to the API in a 24-hour period using a single API client secret. If you exceed this limit, you will receive HTTP status code 429 Too Many Requests error.

{% hint style="warning" %}

### Keep it safe!

Access token is a confidential information. After creating an access token, it's important to persist it in a secure location.
{% endhint %}

{% embed url="<https://youtu.be/HRtOB1POLoQ>" %}

## FAQs on Access Token

{% content-ref url="../learn-clear-finance-cloud-basics/access-token" %}
[access-token](https://docs.cleartax.in/cleartax-docs/clear-finance-cloud/learn-clear-finance-cloud-basics/access-token)
{% endcontent-ref %}