> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neuronsearchlab.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create access token

> Exchange SDK credentials for a short-lived access token.

## Endpoint

```http theme={null}
POST https://auth.neuronsearchlab.com/oauth2/token
```

This endpoint is unauthenticated. Send SDK credentials with HTTP Basic authentication from a trusted server.

## Request

```bash theme={null}
curl -X POST https://auth.neuronsearchlab.com/oauth2/token \
  -H "Authorization: Basic <base64(client_id:client_secret)>" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&scope=neuronsearchlab-api/read%20neuronsearchlab-api/write"
```

| Field        | Type   | Required | Description                                                               |
| ------------ | ------ | -------- | ------------------------------------------------------------------------- |
| `grant_type` | string | yes      | Must be `client_credentials`.                                             |
| `scope`      | string | no       | Space-delimited scopes. Omit to use the scopes configured for the client. |

## Response

```json theme={null}
{
  "access_token": "<token>",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "neuronsearchlab-api/read neuronsearchlab-api/write"
}
```

Use `access_token` as the Bearer token for Core API resource calls. `expires_in` is a lifetime in seconds; compute `expires_at = now + expires_in` in your token cache and refresh before that time.

## Errors

| Status | Scenario                                         |
| ------ | ------------------------------------------------ |
| `400`  | Unsupported grant type or malformed request body |
| `401`  | Invalid client credentials                       |
| `429`  | Token request rate limit exceeded                |


## OpenAPI

````yaml POST /oauth2/token
openapi: 3.0.3
info:
  title: NeuronSearchLab Core API
  version: 1.0.0
  description: >-
    Versioned data-plane API for OAuth token exchange, catalog item ingestion,
    user event ingestion, and recommendation serving.
  license:
    name: Proprietary
    url: https://neuronsearchlab.com
servers:
  - url: https://api.neuronsearchlab.com
    description: Core API Gateway custom domain
security:
  - oauth2: []
tags:
  - name: Authentication
    description: OAuth 2.0 client credentials token exchange.
  - name: Items
    description: Catalog item ingestion, lookup, update, deletion, and pagination.
  - name: Events
    description: User interaction event ingestion, lookup, and pagination.
  - name: Recommendations
    description: >-
      Personalized recommendation serving, request-scoped filtering, and
      auto-section generation.
  - name: Search
    description: Query-driven search serving through the Core API data plane.
  - name: CORS
    description: Browser preflight routes generated by API Gateway.
paths:
  /oauth2/token:
    post:
      tags:
        - Authentication
      summary: Create access token
      description: >-
        Exchange SDK client credentials for a short-lived Bearer access token.
        Use HTTP Basic authentication with `client_id:client_secret`.
      operationId: createAccessToken
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/TokenRequest'
            examples:
              clientCredentials:
                summary: Client credentials grant
                value:
                  grant_type: client_credentials
                  scope: neuronsearchlab-api/read neuronsearchlab-api/write
      responses:
        '200':
          description: Access token
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccessToken'
              examples:
                token:
                  $ref: '#/components/examples/AccessToken'
        '400':
          $ref: '#/components/responses/OAuthError400'
        '401':
          $ref: '#/components/responses/OAuthError401'
        '429':
          $ref: '#/components/responses/OAuthError429'
      security:
        - basicAuth: []
      servers:
        - url: https://auth.neuronsearchlab.com
          description: Cognito token domain
components:
  schemas:
    TokenRequest:
      type: object
      required:
        - grant_type
      properties:
        grant_type:
          type: string
          enum:
            - client_credentials
        scope:
          type: string
          description: >-
            Space-delimited OAuth scopes. Omit to use the scopes configured for
            the client.
          example: neuronsearchlab-api/read neuronsearchlab-api/write
    AccessToken:
      type: object
      required:
        - access_token
        - expires_in
        - token_type
      properties:
        access_token:
          type: string
          description: Bearer token to send in the `Authorization` header.
        expires_in:
          type: integer
          description: Token lifetime in seconds.
          example: 3600
        token_type:
          type: string
          enum:
            - Bearer
        scope:
          type: string
          example: neuronsearchlab-api/read neuronsearchlab-api/write
    OAuthErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: string
          example: invalid_client
        error_description:
          type: string
      additionalProperties: true
  examples:
    AccessToken:
      summary: Access token
      value:
        access_token: <token>
        expires_in: 3600
        token_type: Bearer
        scope: neuronsearchlab-api/read neuronsearchlab-api/write
  responses:
    OAuthError400:
      description: Unsupported grant type or malformed token request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthErrorResponse'
    OAuthError401:
      description: Invalid client credentials
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthErrorResponse'
    OAuthError429:
      description: Token endpoint rate limit exceeded
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthErrorResponse'
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://auth.neuronsearchlab.com/oauth2/token
          scopes:
            neuronsearchlab-api/read: Read recommendations, items, and events.
            neuronsearchlab-api/write: Create, update, and delete items; submit events.
    basicAuth:
      type: http
      scheme: basic
      description: >-
        HTTP Basic authentication using `client_id:client_secret` for token
        exchange.

````