# Access Token

## Obtaining Investor Access

The next step is to get the token for the issuer. Call the `v1/{domainID}/oauth2/authorize` endpoint, for example:

```bash
curl -X POST "{baseUrl}" \
  -H "accept: application/json" \
  -H "Authorization: {secret}" \
  -H "Content-Type: application/json" \
  -d "{ \"code\": \"{code}\"}"
```

| Parameter     | Description                                       |
| ------------- | ------------------------------------------------- |
| {domainID}    | Your application client id provided by Securitize |
| authorization | Your application secret provided by Securitize    |
| code          | The code you received in the previous step        |

## Investor Authorization

<mark style="color:green;">`POST`</mark> `https://sec-id-api.securitize.io/v1/{clientId}/oauth2/authorize`

Exchanges the provided code for an accessToken.

#### Path Parameters

| Name     | Type   | Description                                       |
| -------- | ------ | ------------------------------------------------- |
| clientId | string | Your application Client Id provided by Securitize |

#### Headers

| Name          | Type   | Description                                    |
| ------------- | ------ | ---------------------------------------------- |
| authorization | string | Your application secret provided by Securitize |

#### Request Body

| Name | Type   | Description                                             |
| ---- | ------ | ------------------------------------------------------- |
| code | string | Code provided by the authentication flow in the user's browser |

{% tabs %}
{% tab title="200 Returns JWT signed accessToken" %}

```
{
  "investorId": "string",
  "accessToken": "string",
  "refreshToken": "string",
  "expiration": "2020-05-23T18:52:03.415Z"
}
```

{% endtab %}

{% tab title="401 Failed to authorize" %}

```
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Failed to authorize",
  "details": null
}
```

{% endtab %}
{% endtabs %}

JavaScript Example:

```javascript
function requestToken() {
  // Placeholders: replace with the values provided by Securitize
  var issuerID = "STRING";
  const baseUrl = "https://sec-id-api.sandbox.securitize.io/v1/"
                   + issuerID + "/oauth2/authorize";
  // Application secret; anything placed in page script is readable by the user
  var OAuthSecret = "STRING";

  // Get the code from the query string of the redirect URL
  const queryString = window.location.search;
  const urlParams = new URLSearchParams(queryString);
  const code = urlParams.get("code");
  if (!code) {
    console.error("No code parameter found in the URL");
    return;
  }

  var data = JSON.stringify({
    "code": code
  });

  var xhr = new XMLHttpRequest();
  xhr.withCredentials = true;

  xhr.addEventListener("readystatechange", function () {
    if (this.readyState === 4) {
      if (this.status === 200) {
        // User is logged in and has authorized the app.
        // Now we can get the token and start interacting.
        var response = JSON.parse(this.responseText);
        // Log the investor id only; keep the token itself out of the console
        console.log("Authorized investor: ", response.investorId);
      } else {
        // Error bodies (for example the 401 above) carry no tokens
        console.error("Token request failed: ", this.status, this.responseText);
      }
    }
  });
  xhr.open("POST", baseUrl);
  xhr.setRequestHeader("Content-Type", "application/json");
  xhr.setRequestHeader("Authorization", OAuthSecret);
  xhr.send(data);
}
```
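
The browser example above places the application secret in page script, where any visitor can read it. The following added example (not Securitize code) performs the same exchange from a Node.js backend and validates the documented response before use; the function names are hypothetical, and the caller is assumed to supply the secret from server-side configuration such as an environment variable.

```javascript
// Added example, not part of the Securitize documentation.
// Host and response fields come from this page; function names are hypothetical.
const API_HOST = "https://sec-id-api.sandbox.securitize.io";

// Build the POST request. The secret is supplied by the caller (for example
// from process.env) and never appears in code delivered to the browser.
function buildTokenRequest(clientId, secret, code) {
  if (!clientId || !secret) throw new Error("clientId and secret are required");
  if (typeof code !== "string" || code.length === 0) {
    throw new Error("invalid authorization code");
  }
  return {
    url: `${API_HOST}/v1/${encodeURIComponent(clientId)}/oauth2/authorize`,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: secret },
      body: JSON.stringify({ code }),
    },
  };
}

// Validate the response shape documented above; fail closed on anything else.
function parseTokenResponse(status, bodyText, now = new Date()) {
  if (status !== 200) throw new Error(`token exchange failed with HTTP ${status}`);
  const body = JSON.parse(bodyText);
  for (const field of ["investorId", "accessToken", "refreshToken", "expiration"]) {
    if (typeof body[field] !== "string" || body[field] === "") {
      throw new Error(`response is missing ${field}`);
    }
  }
  const expiresAt = new Date(body.expiration);
  if (Number.isNaN(expiresAt.getTime()) || expiresAt <= now) {
    throw new Error("token is expired or has an invalid expiration");
  }
  return { investorId: body.investorId, accessToken: body.accessToken,
           refreshToken: body.refreshToken, expiresAt };
}

// fetchImpl is injectable so the flow can be exercised without network access.
async function exchangeCode(clientId, secret, code, fetchImpl = fetch) {
  const { url, options } = buildTokenRequest(clientId, secret, code);
  const res = await fetchImpl(url, options);
  // Tokens go back to the caller for server-side session storage; never logged.
  return parseTokenResponse(res.status, await res.text());
}
```

The backend route that handles the redirect would call `exchangeCode` with the `code` query parameter and keep the returned tokens in its own session store.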
