> ## Documentation Index
> Fetch the complete documentation index at: https://developers.gonitro.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate Access Tokens

> How to create and renew access tokens

## Generate Access Tokens

Now that you have a clientID and clientSecret key for a Nitro application, you can generate access tokens to make requests to the Nitro APIs.

To do this, make a POST request to our authorization service  `/oauth/token` endpoint.

[Auth Endpoint Documentation](https://developers.gonitro.com/docs/api-reference/authentication/get-access-token)

Example:

```bash theme={null}
curl -X POST https://api.gonitro.dev/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "clientID": "<nitro_app_id>",
    "clientSecret": "<your_app_secret>"
  }'
```

This will return a JSON response with your token and its expiry time (in milliseconds), For example:

```json theme={null}
{
  "accessToken": "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaWF0IjoxNjQyNzg5MjAwLCJleHAiOjE2NDI4NzU2MDB9.signature_here",
  "tokenType": "Bearer",
  "expiresIn": 86400
}
```

## Cache Access Token

Once you receive your token, you should store it in a temporary cache or your database so you can reuse
it while still valid.  A common approach is to store the token in an in-memory cache like Redis,
setting its expiry to match the `expiresIn` value returned by the API. This ensures the token is
automatically invalidated when it expires. Alternatively, you can store it in a database and implement
custom logic to update it.

## Renew Token

It’s a common practice to implement a routine in your code that automatically renews the access token when
needed. This should be triggered in the following cases:

* A request fails with an `Unauthorized (401)` response
* No cached token is available. For example, at application startup or when token expired in the
  in-memory cache (Redis).

The routine should then request a new token, store it, and retry the original request using the updated credentials.

## Next steps

With your client credentials and access tokens in hand, you're ready to test your API access by making your first API call!