Access token

What is an access token?

An access token is a confidential private key that a client application uses to authenticate itself to the Clear products (e.g., GST, Max ITC, E-Invoice) and access business resources via API.

What is the difference between a client secret and an access token?

A client secret can be used only to generate access tokens, whereas an access token so generated can be used to access business resource APIs (e.g., to generate an E-Invoice or upload documents).

Similar to a client secret, an access token is specific to an environment and a workspace. This means that for the Clear sandbox and production environments, you will need a separate client secret. Similarly, if you have multiple workspaces in Clear, you will need a separate client secret. Based on the products selected at the time of the creation of a client secret, the access token may be restricted to those products as well.

How to generate an access token?

To generate an access token, you will need a client secret. If you do not have a client secret yet, check the guide on creating an API client here. If you already have a client secret, use the "Generate Access Token API" as documented below.

Generate Access Token API

To learn how to generate an access token using the API, refer to the Generate Access Token API reference.

How to regenerate an access token?

If your existing access token has expired, you may want to regenerate the access token. To regenerate an access token, follow the same steps mentioned for generating an access token.

If your existing access token has not expired, and if you generate a new access token with the same client secret, then you will receive a new access token and the old access token will be automatically revoked.

So to revoke an existing access token, you can simply generate a new access token; the old access token is revoked automatically. If you want to revoke an existing access token and never generate a new one, you can log in to Clear and delete the API client permanently.

How to use an access token?

After receiving the access token, it should be kept in a secure location within your ERP or billing system. Depending on your system, there are different methods to store this key:

  • For SAP ECC or S/4HANA, a custom table can be created to manage the access token.

  • For SAP CPI iflows, the keystore can be used to store the access token.

  • For a custom application, the access token can be kept in Vault, environment variables, or another secure location.

It is important to ensure that only authorized users have access to this storage location. The access token must be accessible to your application so that it can seamlessly access business resource APIs.

You can use the access token in the API request header of any product API as below:

x-cleartax-auth-token: {{latest_access_token_here}}
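
The sketch below is an added example for a custom application, not code from Clear. Because generating a new access token with the same client secret revokes the old one, it lets only one thread regenerate when several notice the same expired token, and it keeps the token out of log output. The names `AccessTokenHolder`, `generate_token` and `simulate_concurrent_expiry` are hypothetical; `generate_token` stands for your own wrapper around the Generate Access Token API, and how your application detects an expired token is left to the caller.

```python
import threading
AUTH_HEADER = "x-cleartax-auth-token"  # header name given on this page

class AccessTokenHolder:
    """Holds the current token and serialises regeneration across threads."""
    def __init__(self, generate_token):
        # generate_token: hypothetical wrapper around the Generate Access Token API
        self._generate = generate_token
        self._lock = threading.Lock()
        self._token, self._generation = None, 0

    def headers(self):
        """Return (request headers, generation of the token inside them)."""
        with self._lock:
            if self._token is None:
                self._regenerate_locked()
            return {AUTH_HEADER: self._token}, self._generation

    def regenerate(self, seen_generation):
        """Regenerate only if the token the caller saw is still the current one."""
        with self._lock:
            if seen_generation == self._generation:
                self._regenerate_locked()
            return {AUTH_HEADER: self._token}, self._generation

    def _regenerate_locked(self):
        self._token = self._generate()
        self._generation += 1

    def __repr__(self):  # keep the token out of logs and tracebacks
        return f"<AccessTokenHolder generation={self._generation} token=REDACTED>"

def simulate_concurrent_expiry(workers=8):
    """Constructed demo: every worker finds the same token expired at once."""
    issued = []  # stand-in token service; only the newest entry is valid
    def fake_generate():
        issued.append(f"constructed-token-{len(issued) + 1}")
        return issued[-1]
    holder = AccessTokenHolder(fake_generate)
    _, seen = holder.headers()
    used = []
    def worker():
        used.append(holder.regenerate(seen)[0][AUTH_HEADER])
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return issued, used
```

Without the generation check, each of the eight workers would request its own token and revoke the one its neighbour had just received.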
