## Issue access token

**post** `/v1/auth/access-tokens`

Issues a short-lived access token from the authenticated API key. Access tokens can optionally be bound to a specific employer or employee for scoped access. Tokens expire after 15 minutes.

### Body Parameters

- `grant_type: "client_credentials"`

  * `client_credentials` - client_credentials

  - `"client_credentials"`

- `bound_entity: optional object { id, type }`

  Optional entity to bind the token to for scoped access

  - `id: string`

    Prefixed entity ID to bind the token to (empr_* for employer, empl_* for employee)

  - `type: Type`

    * `employer` - employer
    * `employee` - employee

    - `"employer"`

    - `"employee"`

### Returns

- `access_token: string`

  The issued access token (vit_at_*)

- `expires_in: number`

  Token lifetime in seconds

- `token_type: string`

  Token type, always 'Bearer'

- `bound_entity: optional object { id, type }`

  Entity the token is bound to, if any

  - `id: string`

    Prefixed entity ID the token is bound to (empr_* or empl_*)

  - `type: Type`

    * `employer` - employer
    * `employee` - employee

    - `"employer"`

    - `"employee"`

### Example

```http
curl https://api.vitablehealth.com/v1/auth/access-tokens \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $VITABLE_CONNECT_API_KEY" \
    -d '{
          "grant_type": "client_credentials"
        }'
```

#### Response

```json
{
  "access_token": "vit_at_abc123def456...",
  "token_type": "Bearer",
  "expires_in": 910,
  "bound_entity": {
    "id": "empr_SGVsbG8gV29ybGQ",
    "type": "employer"
  }
}
```