> ## Documentation Index > Fetch the complete documentation index at: https://docs.whitebit.com/llms.txt > Use this file to discover all available pages before exploring further. # Get Access Token > Exchange an authorization code for an OAuth 2.0 access token to authenticate API requests. ## OpenAPI ````yaml openapi/oauth2.yaml POST /oauth2/token openapi: 3.0.3 info: title: OAuth 2.0 API Reference description: WhiteBIT OAuth 2.0 API for authentication and account management version: 1.0.0 servers: - url: https://whitebit.com description: WhiteBIT Global Server - url: https://whitebit.eu description: WhiteBIT EU Server security: [] tags: - name: Authentication description: > OAuth 2.0 authentication endpoints for obtaining and refreshing access tokens. Available Scopes (requested during client setup): - general: General API access - show.userinfo: Access to basic user information - users.read: Read user data - users.email.read: Read user email information - users.kyc.read: Information about whether a user has passed KYC verification - orders.read: Read trading orders - orders.create: Create trading orders - orders.delete: Delete trading orders - balances.read: Read account balances - markets.read: Read market information - deals.read: Read trading deals - orders_history.read: Read order history - users.transactions.read: Read user transactions - users.converts.read: Read currency conversion history - users.balances.read: Read user account balances - users.orders.read: Read user orders - users.deals.read: Read user deals - apikeys.create: Issue an OAuth-bound API key during the consent flow - apikeys.read: Read OAuth-issued API key state and retrieve its secret once - apikeys.delete: Delete an OAuth-issued API key linked to the partner - name: Account Endpoints description: >- Endpoints for retrieving account information, balances, and transaction history - name: OAuth API Keys description: > Partner-facing endpoints for managing API keys created via the OAuth API key flow. Available on the global server (`https://whitebit.com`) only. The EU server (`https://whitebit.eu`) does not expose these endpoints in this release. Required scopes: - `apikeys.read` for `GET /oauth2/api-key/info` and `GET /oauth2/api-key/{externalId}/secret` - `apikeys.delete` for `DELETE /oauth2/api-key/{externalId}` paths: /oauth2/token: post: tags: - Authentication summary: Get Access Token description: > The endpoint activates an access token by exchanging an authorization code. **Important Notes:** - Access token duration is 300 seconds - The IP of the client must be added to WB Allowlist **Request Headers:** - Content-Type: application/x-www-form-urlencoded requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object required: - client_id - client_secret - code properties: client_id: type: string description: The application's client ID example: YOUR_CLIENT_ID client_secret: type: string description: The application's client secret example: YOUR_CLIENT_SECRET code: type: string description: >- The authorization code received from the authorization endpoint example: AUTHORIZATION_CODE responses: '200': description: Successful token exchange content: application/json: schema: type: object properties: data: type: object properties: access_token: type: string description: The access token for API requests example: MZM1MDBMMJYTNWM4MI0ZNTIYLTKXNDATNZY1MZHKM2Y2MJY3 expires_in: type: integer description: Token expiration time in seconds example: 300 refresh_token: type: string description: Token used to refresh the access token example: ODK5ZTVKZDUTYTI5ZC01NWJHLTGZZDMTYWFKYTNMNJHHMGZM scope: type: string description: Comma-separated list of granted scopes example: codes.apply,show.userinfo token_type: type: string description: Type of the token example: Bearer '401': description: Not authorized content: application/json: schema: type: object properties: data: type: object properties: message: type: array items: type: string example: - Invalid request '422': description: Validation errors content: application/json: schema: type: object properties: errors: type: object properties: client_id: type: array items: type: string example: - validation.required client_secret: type: array items: type: string example: - validation.required code: type: array items: type: string example: - validation.required notification: type: string nullable: true example: null ````