# Supplier KCI authentication - retrieve access token.

This endpoint is called to retrieve an access token which must be provided in the header
on subsequent supplier KCI calls to the gateway.

Either Authorization header or client id/secret must be provided.

Endpoint: POST /auth/supplier/access-token
Version: 1.0

## Header parameters:

  - `Authorization` (string)
    The Authorization header is Basic Base64-encoded app client credentials - client_id:client_secret

## Request fields (application/x-www-form-urlencoded):

  - `grant_type` (string, required)
    Grant type - only client_credentials is supported at the moment
    Example: "client_credentials"

  - `scope` (string)
    Limit to space-delimited list of scopes registered with the app client (optional)
    Example: "com.fibregateway.<ENV_NAME>/tenant.all.all"

  - `client_id` (string)
    The ID of the app client - required if not using Authorization header

  - `client_secret` (string)
    The client secret for the app client - required if not using Authorization header

## Response 200 fields (application/json):

  - `access_token` (string)
    Access token to use in requests
    Example: "eyJraWQiOiI3WEl6amJaakZjYlpWK..."

  - `expires_in` (string)
    Token expiry in seconds (TTL)
    Example: 3600

  - `token_type` (string)
    Token type
    Example: "Bearer"

## Response 400 fields (application/json):

  - `error` (string)
    Reason for failure:
- invalid_request - request is missing a required parameter or is otherwise malformed
- invalid_client - client authentication failed - no such client id and/or secret
- invalid_grant - access issue or access has been revoked
- unauthorized_client - client is not authorized 
- unsupported_grant_type - an unrecognised grant type was specified
    Example: "invalid_request|invalid_client|invalid_grant|unauthorized_client|unsupported_grant_type"


## Response 503 fields