
# Token

> Use the /api/v1/token endpoint to receive an access token.

Use the `https://api.flinks.io/api/v1/token` endpoint to receive an access token so that you can start using the Open Banking API.

## Token structure

When you use the `authorization_code` or `refresh_token` as the grant type, the token will include the following claims:

```json
{
  "client_id": "dc-7tf8aijpjqofl3uxppi136ldc",
  "sub": "bbc6eb83-60fa-4fb0-a6ea-9e2bd54e1071",
  "exp": 1709147034
}
```

The `sub` claim can be used to uniquely identify the user at the Data Provider.

## About the refresh\_token

When you use `authorization_code` as the grant type, the `refresh_token` that you receive is controlled by Flinks. It has an idle timeout of 30 days and otherwise does not expire. This means that it can be refreshed indefinitely unless it's revoked. The `refresh_token` also does not change when exchanged.

<Warning>
  <p class="h4">Receiving a 400, 401, or 403 response</p>

  The data collection lifecycle is not connected to the `refresh_token`. If you
  receive a 400, 401, or 403 error when calling this endpoint, it means that
  either of the tokens that are managed by Flinks has expired.
</Warning>

## How to handle an error response

If you receive an error response, refer to the [List of Authorization Errors](/api/outbound/endpoints/authorize/errors) for more information about the error and how to resolve it.
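
The following Python is an added example, not part of the Flinks documentation or SDK. It applies the per-grant field rules from the OpenAPI description on this page, reads the claims shown under Token structure, and turns the 400/401/403 warning into a client decision. It assumes the access token is a JWT; the function names, action labels, the 30-second `skew` and the sample token are constructed for illustration, and client authentication, which this page does not describe, is left out.

```python
import base64
import json
import time

# Optional fields the OpenAPI description on this page permits per grant_type.
ALLOWED_FIELDS = {
    "client_credentials": {"scope"},
    "authorization_code": {"code", "redirect_uri"},
    "refresh_token": {"refresh_token"},
}

def build_token_body(grant_type, **fields):
    """JSON body for POST /api/v1/token; rejects fields reserved for other grants."""
    if grant_type not in ALLOWED_FIELDS:
        raise ValueError(f"unsupported grant_type: {grant_type!r}")
    extra = sorted(set(fields) - ALLOWED_FIELDS[grant_type])
    if extra:
        raise ValueError(f"{extra} must not be sent with {grant_type}")
    return {"grant_type": grant_type, **fields}

def read_claims(access_token):
    """Decode a JWT payload (assumed format). No signature check: use only for
    bookkeeping on a token received directly from the token endpoint over TLS."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def handle_refresh_response(status, body, stored_refresh_token, now=None, skew=30):
    """Turn the result of a refresh_token exchange into the client's next step."""
    now = time.time() if now is None else now
    if status in (400, 401, 403):
        # Per the warning above: a Flinks-managed token has expired. Look the
        # error code up in the List of Authorization Errors instead of retrying.
        return {"action": "token_expired", "error": body.get("error")}
    if status != 200:
        return {"action": "error", "error": body.get("error")}
    return {
        "action": "use_token",
        "access_token": body["access_token"],
        # The refresh response carries no refresh_token and the value does not
        # change on exchange, so the stored one stays in use.
        "refresh_token": stored_refresh_token,
        "refresh_at": now + body["expires_in"] - skew,  # skew is an assumption
    }

def make_sample_token(claims):
    """Constructed, unsigned JWT-shaped string for demonstration only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"
```

Keep the stored `refresh_token` in a secret store rather than in logs or client-side storage, since it remains valid across exchanges until it is revoked or idles out.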


## OpenAPI

````yaml /openapi-outbound-auth.yaml POST /api/v1/token
openapi: 3.0.3
info:
  title: Flinks Outbound Auth API
  description: |
    Flinks Outbound Authentication API.
    Endpoints for generating authorization tokens and authenticating requests.
  version: 3.0.0
servers:
  - url: https://{host}
    description: Flinks Outbound Auth Server
    variables:
      host:
        default: '{host}'
        description: Host URL
security: []
tags:
  - name: Authorization
    description: Endpoints for generating authorization tokens and authenticating requests
paths:
  /api/v1/token:
    post:
      tags:
        - Outbound
      summary: Token
      description: Use the /api/v1/token endpoint to receive an access token.
      operationId: token
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                grant_type:
                  type: string
                  description: >
                    Specifies the type of information you are passing to request
                    an access token. Possible values include:

                    - `client_credentials`

                    - `authorization_code`

                    - `refresh_token`
                code:
                  type: string
                  description: >-
                    The authorization code that you receive from the callback
                    during the authorization process. Only pass this field if
                    you are using `authorization_code` as the `grant_type`.
                redirect_uri:
                  type: string
                  description: >-
                    The URL that you used in the authorization request. Must be
                    an exact match. Only pass this field if you are using
                    `authorization_code` as the `grant_type`.
                refresh_token:
                  type: string
                  description: >-
                    The refresh token that you're exchanging for a new access
                    token. Only pass this field if you are using `refresh_token`
                    as the `grant_type`.
                scope:
                  type: string
                  description: >-
                    Use for app management, only if you are using
                    `client_credentials` as the `grant_type`.
              required:
                - grant_type
              example: {}
      responses:
        '200':
          description: >
            Returned when the token request is successful. The response varies
            based on the `grant_type`:

            - `refresh_token` - Returns `access_token`, `token_type`, and
            `expires_in`.

            - `authorization_code` - Returns `access_token`, `token_type`,
            `refresh_token`, and `expires_in`.

            - `client_credentials` - Returns `access_token`, `token_type`, and
            `expires_in`.
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    description: The access token to use for authenticated requests.
                  token_type:
                    type: string
                    description: The type of token. Value is `Bearer`.
                  expires_in:
                    type: integer
                    default: 0
                    description: The number of seconds until the access token expires.
                  refresh_token:
                    type: string
                    description: >-
                      The refresh token to use to obtain a new access token.
                      Only returned when using `authorization_code` as the grant
                      type.
                  scope:
                    type: string
                    description: The scope of data associated with the token.
              example:
                access_token: >-
                  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
                token_type: Bearer
                refresh_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                expires_in: 299
        4XX:
          description: >-
            Returned when the request is invalid or the grant type is not
            supported.
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                    description: The error code.
                  error_description:
                    type: string
                    description: A description of the error.
              example:
                error: unsupported_grant_type
                error_description: >-
                  The authorization grant type is not supported by the
                  authorization server.
        5XX:
          description: Returned when an unhandled error occurred on the server.
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                    description: The error code.
                  error_description:
                    type: string
                    description: A description of the error.
              example:
                error: server_error
                error_description: An unhandled error occured on the server.

````