# OAuth2 Token


**Type:** POST

**End Point:** /api/oauth2/Token

**Description:**

- A GET request is sent locally to `/api/oauth2`; the server responds with the response to a GET request to the passed `redirect_uri`, which also contains a `code` parameter.
- Using the returned `code`, locally issue a POST request to this endpoint with the same params as for `/api/oauth2`, plus a `client_secret`, the returned `code`, `"grant_type": "authorization_code"`, and optionally a `userid` (only if authenticating as a user).
- The response will contain an `access_code` if the process went smoothly. This can then be used in the request headers, like `"Authorization": f"Bearer {access_code}", "Accept": "application/json"`, to access the protected API endpoints.
- NOTE: if the POST request was made with a valid `userid`, this access token will work for all the protected endpoints. If not, it will only allow access to `/api/Users/ListUsers`.
- This process must first be invoked (also starting with the process for the `/api/oauth2` endpoint) to get the token for generic access (without passing a `userid`). Using the received `access_token` from that response, one can then invoke the process again, with that access token in the request headers and the valid `userid`, to get the user-specific access token (which should then be used exclusively as the bearer token instead of the previously used generic token).

**Parameters:** No parameters

1. To get generic access token
   - Params:
     - `client_id`
     - `client_secret`
     - `"grant_type": "authorization_code"`
     - `code` (from earlier call to `/api/oauth2`)
     - `response_uri`
   - Headers: Not necessary
   - Response Data:
     - `access_token`: the generic access token to use in the headers for listing users or getting the user-specific access token
2. To get user-specific access token
   - Params:
     - `client_id`
     - `client_secret`
     - `"grant_type": "authorization_code"`
     - `code` (from earlier call to `/api/oauth2`)
     - `response_uri`
     - `userid` (a valid id of an existing & authorized user)
   - Headers:
     - `"Authorization": f"Bearer {access_code}", "Accept": "application/json"`
   - Response Data:
     - `access_token`: the user-specific access token to use for any other endpoint
   - Note: Once retrieved, the headers for any other endpoint should contain `"Authorization": f"Bearer {user_specific_access_code}", "Accept": "application/json"`, where `user_specific_access_code` is the `access_token` from this usage.
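The two usages above chained into one client-side routine, as an added example that is not part of the product's own code. Assumptions: params are sent form-encoded and the reply is JSON; `get_code` is a hypothetical callable that performs the `/api/oauth2` step with the given headers and returns the `code`; `post` is an injectable transport so the flow can be exercised offline.

```python
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth2/Token"

def http_post(url, params, headers):
    # Assumption: params go form-encoded in the body and the reply is JSON.
    body = urllib.parse.urlencode(params).encode()
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def bearer_headers(token):
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}

def request_token(base_url, client, code, userid=None, generic_token=None, post=http_post):
    # A userid is only accepted together with the generic token that authorizes it.
    if (userid is None) != (generic_token is None):
        raise ValueError("userid and generic_token must be supplied together")
    params = {
        "client_id": client["client_id"],
        "client_secret": client["client_secret"],
        "grant_type": "authorization_code",
        "code": code,
        "response_uri": client["response_uri"],
    }
    headers = {}
    if userid is not None:
        params["userid"] = userid
        headers = bearer_headers(generic_token)
    reply = post(base_url.rstrip("/") + TOKEN_PATH, params, headers)
    token = reply.get("access_token")
    if not token:
        # Keep the reply and the params (client_secret) out of the error text.
        raise RuntimeError("token endpoint returned no access_token")
    return token

def user_session_headers(base_url, client, get_code, userid, post=http_post):
    # Stage 1: generic token, no userid and no Authorization header.
    generic = request_token(base_url, client, get_code({}), post=post)
    # Stage 2: run the /api/oauth2 step again with the generic token, then
    # exchange the new code plus userid for the user-specific token.
    code = get_code(bearer_headers(generic))
    user_token = request_token(base_url, client, code, userid, generic, post)
    # Only the user-specific token leaves this function; the generic one is dropped.
    return bearer_headers(user_token)
```

Returning only the user-specific headers keeps the generic token from being reused by later calls, which matches the instruction to use the user-specific token exclusively.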


