> ## Documentation Index
> Fetch the complete documentation index at: https://docs.thredfi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get partner access token (client credentials)

> OAuth2 token endpoint using Basic Authentication. Provide partner_uuid:api_key as username:password in Basic Auth header. Request body should be form-encoded with grant_type=client_credentials.



## OpenAPI

````yaml POST /v1/platform/oauth2/token/
openapi: 3.0.3
info:
  title: Thredfi Accounting Platform API
  version: 1.0.0
  description: >-
    Comprehensive API for accounting, invoice management, open banking, and
    intelligence services.
servers: []
security: []
paths:
  /v1/platform/oauth2/token/:
    post:
      tags:
        - Oauth2 authentication - Unscoped and Scoped
      summary: Get partner access token (client credentials)
      description: >-
        OAuth2 token endpoint using Basic Authentication. Provide
        partner_uuid:api_key as username:password in Basic Auth header. Request
        body should be form-encoded with grant_type=client_credentials.
      operationId: get_partner_token
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OAuth2TokenRequestRequest'
            examples:
              GetPartnerToken:
                value:
                  grant_type: client_credentials
                  client_id: a1b2c3d4-5678-90ab-cdef-1234567890ab
                summary: Get Partner Token
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/OAuth2TokenRequestRequest'
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/OAuth2TokenRequestRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2TokenResponse'
              examples:
                PartnerTokenResponse:
                  value:
                    access_token: >-
                      eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhMWIyYzNkNC01Njc4LTkwYWItY2RlZi0xMjM0NTY3ODkwYWIiLCJpYXQiOjE3MDk4MjEyMDAsImV4cCI6MTcwOTgyNDgwMH0.example
                    token_type: Bearer
                    expires_in: 3600
                  summary: Partner Token Response
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2ErrorResponse'
          description: ''
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2ErrorResponse'
          description: ''
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2ErrorResponse'
          description: ''
      security:
        - BasicAuth: []
        - BearerUnscoped: []
        - BearerBusinessScoped: []
        - {}
components:
  schemas:
    OAuth2TokenRequestRequest:
      type: object
      description: Serializer for OAuth2 token request
      properties:
        grant_type:
          type: string
          minLength: 1
          default: client_credentials
          description: Must be 'client_credentials'
        client_id:
          type: string
          format: uuid
          description: Partner UUID (same as in Basic Auth username)
      required:
        - client_id
    OAuth2TokenResponse:
      type: object
      description: Serializer for OAuth2 token response
      properties:
        access_token:
          type: string
          description: JWT Bearer token for API authentication
        token_type:
          type: string
          default: Bearer
          description: Token type (always 'Bearer')
        expires_in:
          type: integer
          description: Token expiration time in seconds
      required:
        - access_token
        - expires_in
    OAuth2ErrorResponse:
      type: object
      description: Serializer for OAuth2 error response
      properties:
        error:
          type: string
          description: Error code (e.g., 'invalid_client', 'unsupported_grant_type')
        error_description:
          type: string
          description: Human-readable error description
      required:
        - error
        - error_description
  securitySchemes:
    BasicAuth:
      type: http
      scheme: basic
      description: >-
        Basic authentication for OAuth2 token endpoint. Use partner_uuid:api_key
        as username:password. Example: Authorization: Basic
        base64(partner_uuid:api_key)
    BearerUnscoped:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Partner (unscoped) JWT Bearer token. Obtain via POST
        /v1/platform/oauth2/token with Basic auth (partner_uuid:api_key). Use
        header: Authorization: Bearer {access_token}
    BearerBusinessScoped:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Business-scoped JWT Bearer token. Obtain via POST
        /v1/platform/{business_id}/oauth2/token/ using a partner Bearer token.
        Only valid for endpoints whose URL contains that business_id.

````