# API Reference {% hint style="info" %} **URL Base**: * UAT: `https://identityhomolog.acesso.io`; * Production: `https://identity.acesso.io`. {% endhint %} ## Obtain access token > Endpoint to obtain the access token ```json {"openapi":"3.0.3","info":{"title":"OAuth2 Token API","version":"1.0.0"},"servers":[{"url":"https://identityhomolog.acesso.io","description":"Staging environment"}],"paths":{"/oauth2/token":{"post":{"summary":"Obtain access token","description":"Endpoint to obtain the access token","operationId":"getJwtToken","tags":["Authentication"],"requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","properties":{"grant_type":{"type":"string"},"assertion":{"type":"string","description":"Signed JWT in compact JWS format"}},"required":["grant_type","assertion"]}}}},"responses":{"200":{"description":"JWT access token successfully obtained","content":{"application/json":{"schema":{"type":"object","properties":{"access_token":{"type":"string","description":"JWT access token"},"expires_in":{"type":"integer","description":"Expiration time in seconds"},"token_type":{"type":"string"}}}}}},"401":{"description":"Unauthorized (e.g., invalid signature or expired JWT)","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"error_description":{"type":"string"}}}}}}}}}}} ``` ### Errors
NameDescription
1.0.1Check if the ID provided in the formation of "iss" is the correct tenant ID given during the generation of the private key.
1.0.14Check with the project manager if the application being used is active.
1.1.1The "scope" parameter was not provided in the payload of the JWT used in the request.
1.2.4The JWT used in the request has expired. Check the value specified in the "exp" field of the payload.
1.2.5The JWT used in the request cannot be validated. Verify the parameters provided and ensure that it was signed correctly.
1.2.6The private key used to sign the JWT in the request is no longer acceptable. Request new credentials for the account used.
1.2.7The JWT used in the request is no longer acceptable as it has already been used. Generate a new token to make a new request.
1.2.11The account used is not active.
1.2.14The account used does not have the necessary permissions.
1.2.18The account used has been temporarily locked due to exceeding the number of invalid authentication attempts.
1.2.19The account used is not authorized to impersonate another user account (remove the "sub" parameter from the payload).
1.2.20
1.2.21		Failed to decode the JWT used in the request. Use a new token by including only the fields specified in the "Mandatory Fields" and "Additional Fields" sections, adhering to the naming, semantics, and type of each field.
1.2.22The JWT used in the request contains additional fields in the payload that are not allowed. Use a new token by including only the fields specified in the "Mandatory Fields" and "Additional Fields" sections, adhering to the naming, semantics, and type of each field.
1.3.1The account used has source IP restrictions.
1.3.2The account used has access date/time restrictions.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://devcenter.unico.io/unico-idcloud/by-client-integration/authentication/api-reference.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.