> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate M2M Access Token

> Authenticate a Machine-to-Machine (M2M) access token issued by Stytch

M2M access tokens are JWTs signed with the project's JSON Web Keys, and can be validated locally using any Stytch client library.

You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions.

<Note>
  This method is only available via our backend SDKs.
</Note>

### Body

<ParamField body="access_token" type="string" required>
  The access token granted to the client. Access tokens are JWTs signed with the project's JWKS.
</ParamField>

<ParamField body="required_scopes" type="array[string]">
  The set of scopes this token is expected to contain. If the token is missing *any* of the scopes passed in, an error is returned.
</ParamField>

<ParamField body="max_token_age" type="number">
  The maximum allowed age of the JWT. M2M tokens are valid for one hour by default, but you can require a more-recent JWT on sensitive routes.
</ParamField>

<ParamField body="clock_tolerance_seconds" type="number">
  The clock tolerance to use during token verification. This can help with clock drift issues.
</ParamField>

### Response

<ResponseField type="string" name="client_id">
  The ID of the M2M Client the token was issued to.
</ResponseField>

<ResponseField type="array[string]" name="scopes">
  The complete set of scopes contained within the access token.
</ResponseField>

<ResponseField type="object" name="custom_claims">
  Any additional custom claims that were found within the JWT. Custom claims can be generated from an M2M Client's metadata by using a JWT Template configured in the Dashboard.
</ResponseField>

<ResponseField name="request_id" type="string">
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
  may ask for this value to help identify a specific API call when helping you debug an issue.
</ResponseField>

<ResponseField name="status_code" type="number">
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
  equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
</ResponseField>

<Panel>
  <RequestExample>
    ```js Node SDK theme={null}
    const stytch = require('stytch');

    const client = new stytch.Client({
      project_id: 'PROJECT_ID',
      secret: 'SECRET',
    });

    const params = {
      access_token: 'eyJ...',
      required_scopes: ['write:users'],
    };

    client.m2m
      .authenticateToken(params)
      .then((resp) => {
        console.log(resp);
      })
      .catch((err) => {
        console.log(err);
      });

    ```

    ```go Go SDK theme={null}
    package main

    import (
      "context"
      "log"

      "github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
      "github.com/stytchauth/stytch-go/v9/stytch/consumer/m2m"
    )

    func main() {
      client, err := stytchapi.NewClient(
        "PROJECT_ID",
        "SECRET",
      )
      if err != nil {
        log.Fatalf("error instantiating API client %s", err)
      }

      resp, err := client.M2M.AuthenticateToken(
        context.Background(),
        &m2m.AuthenticateTokenParams{
          AccessToken: "eyJ...",
          RequiredScopes: []string{"write:users"},
        }
      )
      if err != nil {
        log.Println(err)
      }

      log.Println(resp)
    }

    ```

    ```python Python SDK theme={null}
    from stytch import Client

    client = Client(
        project_id="PROJECT_ID",
        secret="SECRET",
    )

    resp = client.m2m.authenticate_token(
        access_token="eyJ...",
        required_scopes=["read:users", "write:users"]
    )

    print(resp)
    ```

    ```ruby Ruby SDK theme={null}
    require 'stytch'

    client = Stytch::Client.new(
        project_id: "PROJECT_ID",
        secret: "SECRET"
    )

    resp = client.m2m.authenticate_token(
        access_token: "eyJ...",
        required_scopes: ["read:users", "write:users"]
    )
    puts resp
    ```

    ```bash cURL theme={null}
    # This is a custom method that doesn't directly hit an API endpoint, so it's only available in our SDKs.
    ```
  </RequestExample>

  <ResponseExample>
    ```json 200 theme={null}
    {
        "client_id": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
        "scopes": ["read:users","write:users"],
        "custom_claims": {
            "contact_email": "notice@example.com"
        }
    }
    ```

    ```json 404 theme={null}
    {
      "status_code": 404,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "error_type": "m2m_client_not_found",
      "error_message": "The m2m client requested could not be found.",
      "error_url": "https://stytch.com/docs/api/errors/404"
    }
    ```

    ```json 429 theme={null}
    {
      "status_code": 429,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "error_type": "too_many_requests",
      "error_message": "Too many requests have been made.",
      "error_url": "https://stytch.com/docs/api/errors/429"
    }
    ```

    ```json 500 theme={null}
    {
      "status_code": 500,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "error_type": "internal_server_error",
      "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
      "error_url": "https://stytch.com/docs/api/errors/500"
    }
    ```
  </ResponseExample>
</Panel>
