# Auth ## Issue access token `client.auth.issueAccessToken(AuthIssueAccessTokenParamsbody, RequestOptionsoptions?): AuthIssueAccessTokenResponse` **post** `/v1/auth/access-tokens` Issues a short-lived access token from the authenticated API key. Access tokens can optionally be bound to a specific employer or employee for scoped access. Tokens expire after 15 minutes. ### Parameters - `body: AuthIssueAccessTokenParams` - `grant_type: "client_credentials"` * `client_credentials` - client_credentials - `"client_credentials"` - `bound_entity?: BoundEntity | null` Optional entity to bind the token to for scoped access - `id: string` Prefixed entity ID to bind the token to (empr_* for employer, empl_* for employee) - `type: Type` * `employer` - employer * `employee` - employee - `"employer"` - `"employee"` ### Returns - `AuthIssueAccessTokenResponse` - `access_token: string` The issued access token (vit_at_*) - `expires_in: number` Token lifetime in seconds - `token_type: string` Token type, always 'Bearer' - `bound_entity?: BoundEntity | null` Entity the token is bound to, if any - `id: string` Prefixed entity ID the token is bound to (empr_* or empl_*) - `type: Type` * `employer` - employer * `employee` - employee - `"employer"` - `"employee"` ### Example ```typescript import VitableConnect from '@vitable-inc/vitable-connect'; const client = new VitableConnect({ apiKey: process.env['VITABLE_CONNECT_API_KEY'], // This is the default and can be omitted }); const response = await client.auth.issueAccessToken({ grant_type: 'client_credentials' }); console.log(response.access_token); ``` #### Response ```json { "access_token": "vit_at_abc123def456...", "token_type": "Bearer", "expires_in": 910, "bound_entity": { "id": "empr_SGVsbG8gV29ybGQ", "type": "employer" } } ``` ## Domain Types ### Type - `Type = "employer" | "employee"` * `employer` - employer * `employee` - employee - `"employer"` - `"employee"`