> ## Documentation Index
> Fetch the complete documentation index at: https://whitebit-mintlify-fix-broken-links-1774829655.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Access Token

> The endpoint activates an access token by exchanging an authorization code.

<Warning>
**Important Notes:**

- Access token duration is 300 seconds
- The IP of the client must be added to WB Allowlist
</Warning>

**Request Headers:**
- Content-Type: application/x-www-form-urlencoded




## OpenAPI

````yaml /openapi/oauth2.yaml POST /oauth2/token
openapi: 3.0.3
info:
  title: OAuth 2.0 API Reference
  description: WhiteBIT OAuth 2.0 API for authentication and account management
  version: 1.0.0
servers:
  - url: https://whitebit.com
    description: WhiteBIT Global Server
  - url: https://whitebit.eu
    description: WhiteBIT EU Server
security: []
tags:
  - name: Authentication
    description: >
      OAuth 2.0 authentication endpoints for obtaining and refreshing access
      tokens.


      Available Scopes (requested during client setup):

      - general: General API access

      - show.userinfo: Access to basic user information

      - users.read: Read user data

      - users.email.read: Read user email information

      - users.kyc.read: Information about whether a user has passed KYC
      verification

      - orders.read: Read trading orders

      - orders.create: Create trading orders

      - orders.delete: Delete trading orders

      - balances.read: Read account balances

      - markets.read: Read market information

      - deals.read: Read trading deals

      - orders_history.read: Read order history

      - users.transactions.read: Read user transactions

      - users.converts.read: Read currency conversion history

      - users.balances.read: Read user account balances

      - users.orders.read: Read user orders

      - users.deals.read: Read user deals
  - name: Account Endpoints
    description: >-
      Endpoints for retrieving account information, balances, and transaction
      history
paths:
  /oauth2/token:
    post:
      tags:
        - Authentication
      summary: Get Access Token
      description: >
        The endpoint activates an access token by exchanging an authorization
        code.


        <Warning>

        **Important Notes:**


        - Access token duration is 300 seconds

        - The IP of the client must be added to WB Allowlist

        </Warning>


        **Request Headers:**

        - Content-Type: application/x-www-form-urlencoded
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
                - client_id
                - client_secret
                - code
              properties:
                client_id:
                  type: string
                  description: The application's client ID
                  example: YOUR_CLIENT_ID
                client_secret:
                  type: string
                  description: The application's client secret
                  example: YOUR_CLIENT_SECRET
                code:
                  type: string
                  description: >-
                    The authorization code received from the authorization
                    endpoint
                  example: AUTHORIZATION_CODE
      responses:
        '200':
          description: Successful token exchange
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      access_token:
                        type: string
                        description: The access token for API requests
                        example: MZM1MDBMMJYTNWM4MI0ZNTIYLTKXNDATNZY1MZHKM2Y2MJY3
                      expires_in:
                        type: integer
                        description: Token expiration time in seconds
                        example: 300
                      refresh_token:
                        type: string
                        description: Token used to refresh the access token
                        example: ODK5ZTVKZDUTYTI5ZC01NWJHLTGZZDMTYWFKYTNMNJHHMGZM
                      scope:
                        type: string
                        description: Comma-separated list of granted scopes
                        example: codes.apply,show.userinfo
                      token_type:
                        type: string
                        description: Type of the token
                        example: Bearer
        '401':
          description: Not authorized
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      message:
                        type: array
                        items:
                          type: string
                        example:
                          - Invalid request
        '422':
          description: Validation errors
          content:
            application/json:
              schema:
                type: object
                properties:
                  errors:
                    type: object
                    properties:
                      client_id:
                        type: array
                        items:
                          type: string
                        example:
                          - validation.required
                      client_secret:
                        type: array
                        items:
                          type: string
                        example:
                          - validation.required
                      code:
                        type: array
                        items:
                          type: string
                        example:
                          - validation.required
                  notification:
                    type: string
                    nullable: true
                    example: null

````