# Obtain Access Token

Exchange client credentials for a bearer token.

Equivalent curl request:

curl --location 'https://cps-poc-api-access.auth.eu-south-2.amazoncognito.com/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=' \
  --data-urlencode 'client_secret='

Endpoint: POST /oauth2/token
Version: 1.0.0

## Request fields (application/x-www-form-urlencoded):

  - `grant_type` (string, required)
    Must be client_credentials
    Enum: "client_credentials"

  - `client_id` (string, required)
    The OAuth2 client ID issued by Amazon Cognito
    Example: "4356456"

  - `client_secret` (string, required)
    The OAuth2 client secret issued by Amazon Cognito
    Example: "123ga"

## Response 200 fields (application/json):

  - `access_token` (string)
    Bearer token to include in the Authorization header of API requests

  - `expires_in` (integer)
    Token lifetime in seconds
    Example: 3600

  - `token_type` (string)
    Always Bearer
    Example: "Bearer"

## Response 400 fields (application/json):

  - `error` (string)
    OAuth2 error code

  - `error_description` (string)
    Human-readable error detail

## Response 401 fields (application/json):

  - `error` (string)
    OAuth2 error code

  - `error_description` (string)
    Human-readable error detail