> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Get M2M Access Token
> Retrieve an access token for a given M2M Client using the Stytch API
Access tokens are JWTs signed with the project's [JWKS](/api-reference/b2b/api/sessions/get-jwks) and are valid for one hour after issuance. M2M Access tokens contain a standard set of claims as well as any custom claims generated from templates.
M2M Access tokens can be validated locally using the [Authenticate M2M Access Token](/api-reference/b2b/api/m2m/token/authenticate-access-token) method in the Stytch Backend SDKs, or with any library that supports JWT signature validation.
Here is an example of a standard set of claims from an M2M Access Token:
```json theme={null}
{
"sub": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
"iss": "stytch.com/PROJECT_ID",
"aud": ["PROJECT_ID"],
"scope": "read:users write:users",
"iat": 4102473300,
"nbf": 4102473300,
"exp": 4102476900
}
```
Unlike other Stytch API endpoints, this endpoint is not authenticated with a `project_id` and `project_secret` pair. Instead, it is authenticated via the `client_id` and `client_secret` of an active M2M Client within the current project.
This endpoint is a [RFC-6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) compliant token issuing endpoint.
* This endpoint supports passing the `client_id` and `client_secret` within the request body as well as within a [HTTP-Basic Auth](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1) header.
* This endpoint supports both `application/json` and `application/x-www-form-urlencoded` content types.
***
### Path parameters
The ID of the Stytch project.
### Body
The ID of the client.
The secret of the client.
A space delimited string of scopes requested. If omitted, all scopes assigned to the client will be returned.
The OAuth2 defined grant type that should be used to acquire an access token. Only "`client_credentials`" is supported for M2M Clients. An error will be returned if this parameter is omitted.
### Response
The access token granted to the client. Access tokens are JWTs signed with the project's JWKS.
The type of the returned access token. Today, this value will always be equal to "bearer"
The lifetime in seconds of the access token. For example, the value 3600 denotes that the access token will expire in one hour from the time the response was generated.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
may ask for this value to help identify a specific API call when helping you debug an issue.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
```bash cURL theme={null}
curl --request POST \
--url https://test.stytch.com/v1/public/project-test-8aed2e54-0266-4793-9b5e-0cc9c56064da/oauth2/token \
-H 'Content-Type: application/json' \
-d '{
"client_id": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
"client_secret": "NHQhc7ZqsXJVtgmN2MXr1etqsQrGAwJ-iBWNLKY7DzJj",
"grant_type": "client_credentials"
}'
```
```js Node SDK theme={null}
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
});
const params = {
client_id: '${exampleM2MClientID}',
client_secret: '${exampleM2MClientSecret}',
scopes: ['read:users', 'write:users'],
};
client.m2m
.token(params)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
```
```go Go SDK theme={null}
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v9/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v9/stytch/consumer/m2m"
)
func main() {
client, err := b2bstytchapi.NewClient(
"${projectId}",
"${secret}",
)
if err != nil {
log.Fatalf("error instantiating API client %s", err)
}
resp, err := client.M2M.Token(
context.Background(),
&m2m.TokenParams{
ClientID: "${exampleM2MClientID}",
ClientSecret: "${exampleM2MClientSecret}",
Scopes: []string{"read:users", "write:users"},
},
)
if err != nil {
log.Println(err)
}
log.Println(resp)
}
```
```python Python SDK theme={null}
from stytch import B2BClient
client = B2BClient(
project_id="${projectId}",
secret="${secret}",
)
resp = client.m2m.token(
client_id="${exampleM2MClientID}",
client_secret="${exampleM2MClientSecret}",
scopes=["read:users", "write:users"]
)
print(resp)
```
```ruby Ruby SDK theme={null}
require 'stytch'
client = StytchB2B::Client.new(
project_id: "${projectId}",
secret: "${secret}"
)
resp = client.m2m.token(
client_id: "${exampleM2MClientID}",
client_secret: "${exampleM2MClientSecret}",
scopes: ["read:users", "write:users"]
)
puts resp
```
```json 200 theme={null}
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"access_token": "eyJ...",
"token_type": "bearer",
"expires_in": 3600
}
```
```json 404 theme={null}
{
"status_code": 404,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "m2m_client_not_found",
"error_message": "The m2m client requested could not be found.",
"error_url": "https://stytch.com/docs/api/errors/404"
}
```
```json 429 theme={null}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
```
```json 500 theme={null}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
```