Get an access token

View as MarkdownOpen in Claude
Exchanges a client ID and client secret for a short-lived Bearer access token using the OAuth2 client-credentials flow. Designed for server-to-server use: the credentials and the returned token stay on your backend. Send the returned `access_token` in the `Authorization` header as `Bearer <access_token>` on subsequent API calls. See the [OAuth authentication guide](/developers/oauth-authentication) for the full flow.

Request

This endpoint expects an object.
clientIdstringRequired>=1 character
The client ID issued for your integration when credentials are provisioned in the Payabli Portal.
clientSecretstringRequired>=1 character

The client secret issued alongside the client ID. Keep it on your backend and never expose it in client-side code.

statestring or nullOptional
An optional opaque value echoed back in the response. Use it to correlate the request with its response.
permissionslist of strings or nullOptional
An optional array of permission IDs that scopes the token to a subset of the credential's granted permissions. When omitted, the token carries all permissions granted to the credential.

Response

Access token issued.
token_typestring

The token type. Send the access token in the Authorization header as Bearer <access_token>.

access_tokenstring
The access token to send on subsequent API calls.
expires_ininteger
The token's lifetime in seconds. Request a new token when it expires.
statestring or null

The opaque value sent in the request, echoed back. Present only when you send state in the request.

Errors

400
Bad Request Error