> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fortepayments.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Obtain Access Token

> Authenticate with Forte using OAuth2 client credentials. Required before creating a payment intent or initiating a KYC request.

All Forte API requests require a short-lived access token. Obtain one by calling the auth endpoint with your client credentials.

<Info>
  Your `client_id` and `client_secret` are provided by your account manager. Store your `client_secret` securely on your backend — never expose it to the client.
</Info>

| Environment | Host URL                                 |
| ----------- | ---------------------------------------- |
| Sandbox     | `https://sandbox-api.sandbox.lemmax.com` |
| Production  | `https://api.prod.lemmax.com`            |

## Endpoint

```text theme={null}
POST /auth/v1/oauth2/token
```

## Request

```json theme={null}
{
  "client_id": "{{client_id}}",
  "client_secret": "{{client_secret}}"
}
```

## Response

```json theme={null}
{
  "data": {
    "access_token": "eyJraWQi...",
    "expires_in": 3600,
    "token_type": "Bearer"
  }
}
```

Include the token in the `Authorization` header of all subsequent requests:

```text theme={null}
Authorization: Bearer {{access_token}}
```

<Warning>
  Tokens are valid for **1 hour**. Implement token refresh in your backend to avoid interrupting active sessions.
</Warning>

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Create Payment Intent" icon="credit-card" href="/payments/initiate-payment-request">
    Initiate a VDG purchase session
  </Card>

  <Card title="Create KYC Intent" icon="shield-check" href="/compliance/initiate-kyc-request">
    Initiate an identity verification flow
  </Card>
</CardGroup>