# Access Token Logistics

### **Background**

All parties in the AA ecosystem are identified by a Sahamati certified access token generated by the Token Server. These tokens are valid for 24hrs and therefore, will need to be refreshed once a day.

### Generating An Access Token

The following section describes the headers and other parameters involved in the access token generation call to the Token Server.

#### Using Postman 

In the **Authorization tab** for a request or collection, set the following details:

1. Authorization **Type**: OAuth 2.0
2. **Grant Type** as Client Credentials.
3. Set Access Token URL to one of the URLs shared by Sahamati for PRODUCTION/UAT environments.
4. Set **Client ID** same as the entity ID in Central Registry (CR)
5. Set **Client Secret** shared by Sahamati
6. **Scope** as `openid`.
7. **Client Authentication** as `Send as Basic Auth Header`.

### Decoding the Access Token

#### Using **jwt.io** 

{% hint style="info" %}
Any popular JWT decoder tool available online can be used, please ensure that the tool is safe and secure. Compromised access tokens can allow unauthorized access.
{% endhint %}

Visit <https://jwt.io> and paste your access token to see the claims.

The decoded access token will have the following structure for Header and Payload:

#### Header

```
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "ZYeH2tvRkKKz6tXXEZ4GdZB8ykAW8sKZz2QyT-MoPEE"
}
```

#### Payload

```
{
 "exp": 1612886779,
 "iat": 1612850779,
 "jti": "bd9d1a78-3829-4c61-b52b-c8c925953916",
 "iss": "https://uattokens.sahamati.org.in/auth/realms/sahamati",
 "sub": "0ac207b8-676e-43ff-baa4-464d17f4608c",
 "typ": "Bearer",
 "azp": "AA00000000", // Same as ClientID
 "acr": "1",
 "scope": "openid email profile",
 "roles": "AA"
}
```

Refer to [Access Token Schema](/aa-common-service/reference/access-token-schema.md) for more details.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sahamati.gitbook.io/aa-common-service/token-service/access-token-logistics.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.