> ## Documentation Index
> Fetch the complete documentation index at: https://developers.phrase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

Users can generate new API Tokens in the User Profile/Access Tokens tab in [Phrase Platform Settings page](https://eu.phrase.com/idm-ui/settings/access-tokens).
Supported applications are:

* Phrase Connectors API
* Phrase Language AI
* Phrase Strings
* Phrase Studio
* Phrase TMS

#### Exchanging API tokens for JWT

Exchange the generated API Token for Access Token using Phrase Platform OAuth Token endpoint with `urn:ietf:params:oauth:grant-type:token-exchange` grant type.
This is extension of OAuth basic grants which is specified in OAuth 2.0 Token Exchange ([RFC-8693](https://www.rfc-editor.org/rfc/rfc8693.html)). Supported parameters are:

| Parameter name         | Value                                             | Required |
| ---------------------- | ------------------------------------------------- | -------- |
| `grant_type`           | `urn:ietf:params:oauth:grant-type:token-exchange` | yes      |
| `subject_token`        | *API-TOKEN*                                       | yes      |
| `subject_token_type`   | `urn:phrase:params:oauth:token-type:api_token`    | no       |
| `requested_token_type` | `urn:ietf:params:oauth:token-type:access_token`   | no       |

Other fields from the Specification are not supported at the moment.

##### Sample request

```
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=urn:ietf:params:oauth:grant-type:token-exchange&subject_token=API-TOKEN
```

With [curl](https://curl.se/):

```
curl -d grant_type=urn:ietf:params:oauth:grant-type:token-exchange -d subject_token=API-TOKEN
```

The response is in JSON format:

```json theme={null}
{
  "access_token":"GENERATED-JWT",
  "issued_token_type":"urn:ietf:params:oauth:token-type:access_token",
  "token_type":"Bearer",
  "expires_in":14399 
}
```

* `access_token` - the generated JWT access token
* `issued_token_type` - the type of returned token, always `urn:ietf:params:oauth:token-type:access_token`
* `token_type` - how to use the token, always `Bearer`
* `expires_in` - validity of the token in seconds

#### Using JWT in APIs

Use the token to access Platform APIs of specific application - passing it in HTTP Authorization Header:

```
Authorization: Bearer GENERATED-JWT
```