# Request oauth2 access token

Facilitates the acquisition of an OAuth2 access token. It requires either a basic authorization header or a client_id provided in the request body.

Endpoint: POST /zephr/oauth2/token
Version: 2025-07-30
Security: CookieBlaizeSession, JwtQuery, JwtHeaderXBlaizeJwt, JwtHeaderXZephrJwt, JwtBearer, JwtCookie

## Query parameters:

  - `client_id` (string)
    The Zephr site's Oauth2 client ID.
    Example: "client_id=1234567890"

## Header parameters:

  - `authorization` (string)
    Encoded basic authorisation header that includes Zephr Site Oauth2 Client ID.
    Example: "Authorization: Basic ZGVtbzpwQDU1dzByZA=="

## Response 200 fields (application/json):

  - `access_token` (string)
    Oauth2 access token

  - `token_type` (string)

  - `expires_in` (number)
    Oauth2 token expiry time in seconds

  - `refresh_token` (string)
    Oauth2 refresh token to reuest a new Oauth2 token

  - `user_id` (string)
    Authenticated user ID


## Response 400 fields