# Access token (M2M) {% hint style="info" %} ***This page must be considered part of the iSHARE Framework*** *This page is considered normative and is therefore compliant with RFC 2119.* {% endhint %} ## Obtains access token > Used to obtain an OAuth access token from a Participant Registry, Authorization Registry or Service Provider. The access token must be added under "Authorization" header attribute for secured endpoints. Refer to relevant endpoints on proper usage. ```json {"openapi":"3.0.0","info":{"title":"iSHARE API specifications","version":"2.2"},"tags":[{"name":"Participant Registry","description":"Endpoints that form the iSHARE Participant Registry API specification."},{"name":"Service Provider","description":"Endpoints that form the Service Provider API specification."},{"name":"Authorisation Registry","description":"Endpoints that form the Authorisation Registry API specification."}],"servers":[{"description":"iSHARE UAT network base domain","url":"https://isharetest.net"},{"description":"iSHARE TEST network base domain","url":"https://test.ishareworks.nl"}],"paths":{"/[v2.2]/connect/token":{"post":{"requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"required":["grant_type","scope","client_id","client_assertion_type","client_assertion"],"type":"object","properties":{"grant_type":{"description":"OAuth 2.0 grant type. MUST contain “client_credentials”","type":"string"},"scope":{"description":"OAuth 2.0 scope. MUST contain iSHARE scope value. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has. According to RFC 6749, scopes are case-sensitive.","type":"string"},"client_id":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid party identifier of the Service Consumer","type":"string"},"client_assertion_type":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain “urn:ietf:params:oauth:client-assertion-type:jwt-bearer”","type":"string"},"client_assertion":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.","type":"string"}}}}},"required":true},"tags":["Participant Registry","Authorisation Registry","Service Provider"],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ConnectTokenResponse"}}},"description":"OK"}},"deprecated":false,"operationId":"/connect/token","summary":"Obtains access token","description":"Used to obtain an OAuth access token from a Participant Registry, Authorization Registry or Service Provider. The access token must be added under \"Authorization\" header attribute for secured endpoints. Refer to relevant endpoints on proper usage."}}},"components":{"schemas":{"ConnectTokenResponse":{"title":"ConnectTokenResponse","type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"number"}}}}}} ``` The format of `access_token` is not defined by this specification. They are left to the server and should be opaque to the Service Consumer. {% hint style="info" %} According to [RFC 6749](https://tools.ietf.org/html/rfc6749), scopes are case-sensitive. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dev.ishare.eu/version-2.2/all-roles-common-endpoints/access-token-m2m.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.