# Obtain Access Token
The SP web application needs to obtain the access token from the available “code” which is received from UAE PASS in previous step (Obtain Authorization Code).
{% hint style="danger" %}
Token API request should be a back channel request
{% endhint %}
#### Access Token API
`POST` `https://stg-id.uaepass.ae/idshub/token`
**Headers**
| Name | Value |
| ------------- | ------------------- |
| Content-Type | multipart/form-data |
| Authorization | Basic {credentials} |
#### Parameters
| Name | Type | Description |
| ------------- | ------ | --------------------------------------------------------------------------------- |
| grant\_type | string | authorization\_code |
| redirect\_uri | string | Redirect URI to the application. |
| code | string | Authorization code received from previous step. (Obtain Authorization Code step). |
**Response**
In response, UAE PASS issues a bearer-type OAuth 2.0 access token and returns it in a JSON structure.
\
JSON object contains the access token and associated information.
{% tabs %}
{% tab title="200" %}
{% code overflow="wrap" %}
```json
{
"access_token": "856b9b82-2b52-3e20-8aab-36a5d9a97025",
"scope": "string",
"token_type": "Bearer",
"expires_in": expiry time
}
```
{% endcode %}
{% endtab %}
{% tab title="400" %}
```json
{
"error": "Invalid request"
}
```
{% endtab %}
{% endtabs %}
#### Response parameters
| Name | Description |
| ------------- | ------------------------------------------------------------------------------------- |
| access\_token | Access token generated by UAE PASS Server |
| token\_type | Type of access token. Always has the “Bearer” value. |
| expires\_in | Lifetime (in seconds) of the access token. |
| scope | Scopes granted to those to which the access token is associated, separated by spaces. |