# 1. Token

Firstly, the document signature application/portal calls the UAEPASS API to obtain the access token using client credentials issued to them.

## API Calling Method

<mark style="color:green;">`POST`</mark> `stg-id.uaepass.ae/trustedx-authserver/oauth/main-as/token`&#x20;

HTTP/1.1

#### Headers

| Name          | Type   | Description                               |
| ------------- | ------ | ----------------------------------------- |
| Authorization | string | Basic ZG9jc2lnbjpkZW1vZGVtbw==            |
| Content-Type  | string | application/x-www-form-urlencoded         |
| grant\_type   | string | client\_credentials                       |
| scope         | string | urn:safelayer:eidas:sign:process:document |

{% tabs %}
{% tab title="200 Content-Type: application/json;charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache" %}

```
{
    "access_token": "6fed0c30a51643f9b6ad7365cf90d7e.....72848cf0fb3aee9ad5ac1811212",
    "token_type": "Bearer",
    "expires_in": 600,
    "scope": "urn:safelayer:eidas:sign:process:document"
}
 
```

{% endtab %}
{% endtabs %}

{% hint style="info" %} <mark style="color:$info;">**Note: Token remains valid for 10 mins. If the same user signs the document within that time period, token endpoint is not required to be invoked again.**</mark>
{% endhint %}