# OAuth Tokens
> A token that is returned to your application when a user completes the OAuth flow and may be used to authenticate requests. Learn more about OAuth [here](/documentation/oauth).

## The OAuth Token object
### Example
```json
{
  "access_token": "12345",
  "group_id": "group_1g4mhziu6kvrs3vz35um",
  "token_type": "bearer",
  "type": "oauth_token"
}
```
### Attributes
- `access_token` (string)
  You may use this token in place of an API key to make OAuth requests on a user's behalf.

- `group_id` (string)
  The Group's identifier. A Group is the top-level organization in Increase.

- `token_type` (string)
  The type of OAuth token.

- `type` (string)
  A constant representing the object's type. For this resource it will always be `oauth_token`.

## Create an OAuth Token
POST /oauth/tokens

### Example
```curl
curl -X "POST" \
  --url "${INCREASE_URL}/oauth/tokens" \
  -H "Authorization: Bearer ${INCREASE_API_KEY}" \
  -H "Content-Type: application/json" \
  -d $'{
    "client_id": "12345",
    "client_secret": "supersecret",
    "code": "123",
    "grant_type": "authorization_code"
  }'
```

### Body Parameters
- `client_id` (string, optional)
  The public identifier for your application.

- `client_secret` (string, optional)
  The secret that confirms you own the application. This is redundant given that the request is made with your API key but it's a required component of OAuth 2.0.

- `code` (string, optional)
  The authorization code generated by the user and given to you as a query parameter.

- `grant_type` (enum, required)
  The credential you request in exchange for the code. In Production, this is always `authorization_code`. In Sandbox, you can pass either enum value.
  Cases:
  * `authorization_code` (An OAuth authorization code.)
  * `production_token` (An OAuth production token.)

- `production_token` (string, optional)
  The production token you want to exchange for a sandbox token. This is only available in Sandbox. Set `grant_type` to `production_token` to use this parameter.