> ## Documentation Index
> Fetch the complete documentation index at: https://docs.simpledocs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create an access token

> Exchange your client credentials for a Bearer access token. Tokens expire after **2 hours**.



## OpenAPI

````yaml POST /oauth/token
openapi: 3.1.0
info:
  title: SimpleDocs API
  version: 1.0.0
  description: >-
    The SimpleDocs API lets you programmatically manage repository documents,
    workflows, requests, and webhooks.


    All endpoints are scoped to the company associated with your OAuth
    application.


    **Rate limiting:** 600 requests per minute per IP address.


    **Base URL:** `https://app.simpledocs.com/api`
servers:
  - url: https://app.simpledocs.com/api
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Authentication
    description: Obtain access tokens via OAuth2 client credentials
  - name: Repository Documents
    description: Upload and manage documents in your repository
  - name: Workflows
    description: List workflows and retrieve their schemas
  - name: Requests
    description: Create and track legal requests
  - name: Webhooks
    description: Register webhooks to receive event notifications
paths:
  /oauth/token:
    post:
      tags:
        - Authentication
      summary: Create an access token
      description: >-
        Exchange your client credentials for a Bearer access token. Tokens
        expire after **2 hours**.
      operationId: createToken
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
                - grant_type
                - client_id
                - client_secret
              properties:
                grant_type:
                  type: string
                  enum:
                    - client_credentials
                  description: Must be `client_credentials`.
                client_id:
                  type: string
                  description: Your OAuth application UID.
                client_secret:
                  type: string
                  description: Your OAuth application secret.
                scope:
                  type: string
                  description: >-
                    Space-separated list of scopes. Available: `read`, `write`,
                    `read write`. Can be omitted if you only need read access
                    and your OAuth application is scoped to `read` or `write` —
                    defaults to `read`. Required when scoped to `read write`.
                  example: read write
      responses:
        '200':
          description: Token created successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    example: eyJhbGciOiJIUzI1NiJ9...
                  token_type:
                    type: string
                    example: Bearer
                  expires_in:
                    type: integer
                    example: 7200
                    description: Token lifetime in seconds.
                  scope:
                    type: string
                    example: read write
                  created_at:
                    type: integer
                    example: 1709654400
        '401':
          description: Invalid client credentials.
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                    example: invalid_client
                  error_description:
                    type: string
                    example: >-
                      Client authentication failed due to unknown client, no
                      client authentication included, or unsupported
                      authentication method.
      security: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Obtain a Bearer token via the [Create access
        token](/api-reference/authentication/create-token) endpoint using the
        OAuth2 client credentials flow.

````