> For the complete documentation index, see [llms.txt](https://developer.usemultiplier.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.usemultiplier.com/api-reference/authentication/partner-token.md).

# Partner Token

Generate access tokens for partner integrations using client credentials

## OAuth 2.0 Token Endpoint

> Implements RFC 6749 Section 4.4.2 - Access Token Request using Client Credentials flow.\
> \
> This endpoint accepts both JSON and form-urlencoded content types.\
> \
> \*\*Security considerations:\*\*\
> \- Uses HTTPS in production (enforced by infrastructure)\
> \- Validates client credentials using Argon2 password hashing\
> \- Generates cryptographically secure opaque tokens\
> \
> \*\*Grant Type:\*\*\
> \- Only \`client\_credentials\` grant type is supported\
> \
> \*\*Authentication:\*\*\
> \- This endpoint does NOT require a bearer token\
> \- Authentication is performed using client\_id and client\_secret in the request body<br>

```json
{"openapi":"3.0.1","info":{"title":"Multiplier Public REST API","version":"1.0.0"},"tags":[{"name":"Partner Token","description":"Generate access tokens for partner integrations using client credentials"}],"servers":[{"url":"https://api.usemultiplier.com","description":"Production API / Partner Sandbox"},{"url":"https://release-api-gateway.api.usemultiplier.com","description":"MPL internal release environment"},{"url":"https://api-gateway.api.acc.staging.usemultiplier.com","description":"MPL internal staging"}],"security":[],"paths":{"/v1/client/token":{"post":{"tags":["Partner Token"],"summary":"OAuth 2.0 Token Endpoint","description":"Implements RFC 6749 Section 4.4.2 - Access Token Request using Client Credentials flow.\n\nThis endpoint accepts both JSON and form-urlencoded content types.\n\n**Security considerations:**\n- Uses HTTPS in production (enforced by infrastructure)\n- Validates client credentials using Argon2 password hashing\n- Generates cryptographically secure opaque tokens\n\n**Grant Type:**\n- Only `client_credentials` grant type is supported\n\n**Authentication:**\n- This endpoint does NOT require a bearer token\n- Authentication is performed using client_id and client_secret in the request body\n","operationId":"oauthToken","requestBody":{"description":"OAuth 2.0 token request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ClientAuth_client_token_body"}},"application/x-www-form-urlencoded":{"schema":{"$ref":"#/components/schemas/ClientAuth_client_token_body_1"}}},"required":true},"responses":{"200":{"description":"Token issued successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ClientAuth_inline_response_200"}}}},"400":{"description":"Bad Request - Validation failed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ClientAuth_inline_response_400"}}}},"401":{"description":"Invalid client credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ClientAuth_inline_response_400"}}}},"500":{"description":"Internal Server Error - Unexpected server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ClientAuth_inline_response_400"}}}}}}}},"components":{"schemas":{"ClientAuth_client_token_body":{"required":["client_id","client_secret","grant_type"],"type":"object","properties":{"grant_type":{"type":"string","description":"OAuth 2.0 grant type (must be \"client_credentials\")","enum":["client_credentials"]},"client_id":{"type":"string","description":"Client ID provided by Multiplier"},"client_secret":{"type":"string","description":"Client secret provided by Multiplier","format":"password"},"scope":{"type":"string","description":"Optional scope (currently not supported)"}}},"ClientAuth_client_token_body_1":{"required":["client_id","client_secret","grant_type"],"type":"object","properties":{"grant_type":{"type":"string","description":"OAuth 2.0 grant type (must be \"client_credentials\")","enum":["client_credentials"]},"client_id":{"type":"string","description":"Client ID provided by Multiplier"},"client_secret":{"type":"string","description":"Client secret provided by Multiplier","format":"password"},"scope":{"type":"string","description":"Optional scope (currently not supported)"}}},"ClientAuth_inline_response_200":{"required":["access_token","expires_in","token_type"],"type":"object","properties":{"access_token":{"type":"string","description":"The access token to use for authenticated requests"},"token_type":{"type":"string","description":"Token type (always \"Bearer\")","enum":["Bearer"]},"expires_in":{"type":"integer","description":"Token expiration time in seconds","format":"int64"}}},"ClientAuth_inline_response_400":{"required":["code","correlationId","message","path","timestamp"],"type":"object","properties":{"timestamp":{"type":"string","description":"ISO-8601 UTC timestamp of when the error occurred","format":"date-time"},"code":{"type":"string","description":"HTTP status code category:\n- BAD_REQUEST: 400 - request validation or input error\n- UNAUTHORIZED: 401 - authentication failure\n- FORBIDDEN: 403 - authorization failure\n- NOT_FOUND: 404 - resource not found\n- CONFLICT: 409 - resource conflict\n- INTERNAL_SERVER_ERROR: 500 - unexpected server error\n- SERVICE_UNAVAILABLE: 503 - service unavailable\n"},"message":{"type":"string","description":"Human-readable summary of the error"},"path":{"type":"string","description":"The request path that caused the error"},"correlationId":{"type":"string","description":"Correlation ID for tracing this error across systems"},"errors":{"type":"array","description":"Field-level error details. Present only for validation errors (VALIDATION_ERROR); omitted or null for all other error types.","items":{"$ref":"#/components/schemas/ClientAuth_ErrorResponse_errors"}},"error":{"$ref":"#/components/schemas/ClientAuth_ErrorResponse_error"}},"description":"Standard error response for all API errors"},"ClientAuth_ErrorResponse_errors":{"required":["message"],"type":"object","properties":{"property":{"type":"string","description":"Property path that caused the error, using dot notation"},"message":{"type":"string","description":"Human-readable error message"}},"description":"Individual error item"},"ClientAuth_ErrorResponse_error":{"required":["code","message","type"],"type":"object","properties":{"type":{"type":"string","description":"Error category for client-side handling:\n- ValidationError: Request validation failed\n- NotFoundError: Resource doesn't exist\n- ConflictError: Resource already exists or state conflict\n- AuthenticationError: Invalid credentials\n- AuthorizationError: Insufficient permissions\n- ServerError: Unexpected server error\n","enum":["ValidationError","NotFoundError","ConflictError","AuthenticationError","AuthorizationError","ServerError"]},"code":{"type":"string","description":"Common codes:\n- VALIDATION_FAILED: Request validation failed\n- RESOURCE_NOT_FOUND: Resource doesn't exist\n- RESOURCE_ALREADY_EXISTS: Duplicate resource\n- RESOURCE_CONFLICT: State conflict\n- AUTHENTICATION_FAILED: Invalid credentials\n- AUTHORIZATION_FAILED: Insufficient permissions\n- INTERNAL_ERROR: Server error\n","enum":["VALIDATION_FAILED","RESOURCE_NOT_FOUND","RESOURCE_ALREADY_EXISTS","RESOURCE_CONFLICT","AUTHENTICATION_FAILED","AUTHORIZATION_FAILED","INTERNAL_ERROR"]},"message":{"type":"string","description":"Human-readable error message"},"details":{"type":"array","description":"Field-level validation errors (only present for validation_error type)","items":{"$ref":"#/components/schemas/ClientAuth_ErrorResponse_error_details"}}},"description":"Deprecated: use top-level fields (timestamp, code, message, path, correlationId, errors) instead. This field will be removed in a future version.","deprecated":true},"ClientAuth_ErrorResponse_error_details":{"required":["field","message"],"type":"object","properties":{"field":{"type":"string","description":"Field path using dot notation for nested fields"},"message":{"type":"string","description":"Human-readable error message for this field"}},"description":"Field-level validation error"}}}}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://developer.usemultiplier.com/api-reference/authentication/partner-token.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
