# Access Token

## Obtaining Investor Access

The next step is to get the token for the issuer. Use the `v1/{domainID}/oauth2/authorize` endpoint, like:

**`curl -X POST "{baseUrl}" -H "accept: application/json" -H "Authorization: {secret}" -H "Content-Type: application/json" -d "{ \"code\": \"{code}\"}"`**<br>

| **P**arameter | Description                                       |
| ------------- | ------------------------------------------------- |
| {domainID}    | Your application client id provided by Securitize |
| authorization | Your application secret provided by Securitize    |
| code          | The Code you received in the previous set         |

## Investor Authorization

<mark style="color:green;">`POST`</mark> `https://sec-id-api.securitize.io/v1/{clientId}/oauth2/authorize`

Used to exchange provided code for accessToken

#### Path Parameters

| Name     | Type   | Description                                       |
| -------- | ------ | ------------------------------------------------- |
| clientId | string | Your application Client Id provided by Securitize |

#### Headers

| Name          | Type   | Description                                    |
| ------------- | ------ | ---------------------------------------------- |
| authorization | string | Your application secret provided by Securitize |

#### Request Body

| Name | Type   | Description                                             |
| ---- | ------ | ------------------------------------------------------- |
| code | string | Code provided from Authentication flow on users browser |

{% tabs %}
{% tab title="200 Returns JWT signed accessToken" %}

```
{
  "investorId": "string",
  "accessToken": "string",
  "refreshToken": "string",
  "expiration": "2020-05-23T18:52:03.415Z"
}
```

{% endtab %}

{% tab title="401 Could not find a cake matching this query." %}

```
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Failed to authorize",
  "details": null
}
```

{% endtab %}
{% endtabs %}

JavaScript Example:

```javascript
 function requestToken() {
   var issuerID = "STRING";
   const baseUrl = "https://sec-id-api.sandbox.securitize.io/v1/" 
                    + issuerID + "/oauth2/authorize";
   var scope = "info details verification";
   var redirecturl = "STRING";
   var OAuthSecret = "STRING";

   // Get the CODE in the URL
   const queryString = window.location.search;
   const urlParams = new URLSearchParams(queryString);
   const code = urlParams.get("code");

   var data = JSON.stringify({
     "code": code
   });

   var xhr = new XMLHttpRequest();
   xhr.withCredentials = true;

   xhr.addEventListener("readystatechange", function () {
     if (this.readyState === 4) {
       if (this.status === 200) {
         // User is logged-in and has authorized the app
         // Know we can get the TOKEN and start interacting
         var response = JSON.parse(this.responseText);
         console.log("Authorized with access Token: ", response.accessToken);
       }
       console.log(this.responseText);
     }
   });
   xhr.open("POST", baseUrl);
   xhr.setRequestHeader("Content-Type", "application/json");
   xhr.setRequestHeader("Authorization", OAuthSecret);
   xhr.send(data);
 }
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sec-connect-api-docs.securitize.io/authentication-1/access-token.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.