> This is Payabli documentation. For a complete page index, fetch https://docs.payabli.com/llms.txt — append .md to any page URL for lightweight markdown. For section-level indexes, query parameters, and other AI-optimized access methods, see https://docs.payabli.com/ai-agents.md

# Get an access token

POST https://api-sandbox.payabli.com/api/v2/Token/serverside
Content-Type: application/json

Exchanges a client ID and client secret for a short-lived Bearer access token using the OAuth2 client-credentials flow. Designed for server-to-server use: the credentials and the returned token stay on your backend. Send the returned `access_token` in the `Authorization` header as `Bearer <access_token>` on subsequent API calls. See the [OAuth authentication guide](/developers/oauth-authentication) for the full flow.

Reference: https://docs.payabli.com/developers/api-reference/get-an-access-token

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: payabliApi-oas
  version: 1.0.0
paths:
  /v2/Token/serverside:
    post:
      operationId: CreateServerSideToken
      summary: Get an access token (server-side)
      description: >-
        Exchanges a client ID and client secret for a short-lived Bearer access
        token using the OAuth2 client-credentials flow. Designed for
        server-to-server use: the credentials and the returned token stay on
        your backend. Send the returned `access_token` in the `Authorization`
        header as `Bearer <access_token>` on subsequent API calls. See the
        [OAuth authentication guide](/developers/oauth-authentication) for the
        full flow.
      tags:
        - Token
      responses:
        '200':
          description: Access token issued.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PayabliAccessTokenResponse'
        '400':
          description: Invalid or missing client credentials.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenErrorResponse'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TokenExchangeByClientIdModel'
servers:
  - url: https://api-sandbox.payabli.com/api
    description: Sandbox
  - url: https://api.payabli.com/api
    description: Production
components:
  schemas:
    TokenExchangeByClientIdModel:
      type: object
      properties:
        clientId:
          type: string
          description: >-
            The client ID issued for your integration when credentials are
            provisioned in the Payabli Portal.
        clientSecret:
          type: string
          description: >-
            The client secret issued alongside the client ID. Keep it on your
            backend and never expose it in client-side code.
        state:
          type:
            - string
            - 'null'
          description: >-
            An optional opaque value echoed back in the response. Use it to
            correlate the request with its response.
        permissions:
          type:
            - array
            - 'null'
          items:
            type: string
            format: uuid
          description: >-
            An optional array of permission IDs that scopes the token to a
            subset of the credential's granted permissions. When omitted, the
            token carries all permissions granted to the credential.
      required:
        - clientId
        - clientSecret
      description: Request body for exchanging client credentials for an access token.
      title: TokenExchangeByClientIdModel
    PayabliAccessTokenResponse:
      type: object
      properties:
        token_type:
          type: string
          description: >-
            The token type. Send the access token in the `Authorization` header
            as `Bearer <access_token>`.
        access_token:
          type: string
          description: The access token to send on subsequent API calls.
        expires_in:
          type: integer
          description: >-
            The token's lifetime in seconds. Request a new token when it
            expires.
        state:
          type:
            - string
            - 'null'
          description: >-
            The opaque value sent in the request, echoed back. Present only when
            you send `state` in the request.
      required:
        - token_type
        - access_token
        - expires_in
      description: >-
        Successful response from the token endpoint. Returns the access token,
        its lifetime, and any state echoed from the request.
      title: PayabliAccessTokenResponse
    TokenErrorResponse:
      type: object
      properties:
        errorType:
          type: string
          description: The error category, for example `InvalidCredentials`.
        errorMessage:
          type: string
          description: A human-readable error description.
      required:
        - errorType
        - errorMessage
      description: >-
        Error response from the token endpoint when the request is invalid, for
        example when the client credentials are wrong.
      title: TokenErrorResponse

```

## Examples



**Request**

```json
{
  "clientId": "YOUR_CLIENT_ID",
  "clientSecret": "YOUR_CLIENT_SECRET"
}
```

**Response**

```json
{
  "token_type": "Bearer",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.example.token",
  "expires_in": 3600
}
```

**SDK Code**

```typescript
import { PayabliClient } from "@payabli/sdk-node";

async function main() {
    const client = new PayabliClient();
    await client.token.createServerSideToken({
        clientId: "YOUR_CLIENT_ID",
        clientSecret: "YOUR_CLIENT_SECRET",
    });
}
main();

```

```python
from payabli import payabli

client = payabli()

client.token.create_server_side_token(
    client_id="YOUR_CLIENT_ID",
    client_secret="YOUR_CLIENT_SECRET",
)

```

```java
package com.example.usage;

import io.github.payabli.api.PayabliPayabliApiOasClient;
import io.github.payabli.api.resources.token.requests.CreateServerSideTokenRequest;

public class Example {
    public static void main(String[] args) {
        PayabliPayabliApiOasClient client = PayabliPayabliApiOasClient
            .builder()
            .build();

        client.token().createServerSideToken(
            CreateServerSideTokenRequest
                .builder()
                .clientId("YOUR_CLIENT_ID")
                .clientSecret("YOUR_CLIENT_SECRET")
                .build()
        );
    }
}
```

```csharp
using PayabliPayabliApiOas;
using System.Threading.Tasks;

namespace Usage;

public class Example
{
    public async Task Do() {
        var client = new PayabliPayabliApiOasClient();

        await client.Token.CreateServerSideTokenAsync(
            new CreateServerSideTokenRequest {
                ClientId = "YOUR_CLIENT_ID",
                ClientSecret = "YOUR_CLIENT_SECRET"
            }
        );
    }

}

```

```go
package example

import (
    context "context"

    payabli "github.com/payabli/sdk-go"
    client "github.com/payabli/sdk-go/client"
)

func do() {
    client := client.NewClient()
    request := &payabli.CreateServerSideTokenRequest{
        ClientId: "YOUR_CLIENT_ID",
        ClientSecret: "YOUR_CLIENT_SECRET",
    }
    client.Token.CreateServerSideToken(
        context.TODO(),
        request,
    )
}

```

```php
<?php

namespace Example;

use Payabli\PayabliClient;
use Payabli\Token\Requests\CreateServerSideTokenRequest;

$client = new PayabliClient();
$client->token->createServerSideToken(
    new CreateServerSideTokenRequest([
        'clientId' => 'YOUR_CLIENT_ID',
        'clientSecret' => 'YOUR_CLIENT_SECRET',
    ]),
);

```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api-sandbox.payabli.com/api/v2/Token/serverside")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n  \"clientId\": \"YOUR_CLIENT_ID\",\n  \"clientSecret\": \"YOUR_CLIENT_SECRET\"\n}"

response = http.request(request)
puts response.read_body
```

```swift
import Foundation

let headers = ["Content-Type": "application/json"]
let parameters = [
  "clientId": "YOUR_CLIENT_ID",
  "clientSecret": "YOUR_CLIENT_SECRET"
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api-sandbox.payabli.com/api/v2/Token/serverside")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```