> ## Documentation Index
> Fetch the complete documentation index at: https://www.text.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a token

> Creates a new customer access token.



## OpenAPI

````yaml /api/customer-accounts/openapi.json post /token
openapi: 3.0.0
info:
  title: Customer Accounts API
  description: >-
    Customer Accounts API is responsible for the authentication and
    authorization processes of customers in Text.
  version: 2.0.0
servers:
  - url: https://accounts.livechat.com/v2/customer
    description: Main production server URL
security: []
paths:
  /token:
    post:
      tags:
        - Tokens
      summary: Create a token
      description: Creates a new customer access token.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - grant_type
                - client_id
              properties:
                grant_type:
                  type: string
                  enum:
                    - agent_token
                    - cookie
                    - identity_token
                  description: >-
                    The grant type.

                    - `agent_token` — for backend integrations that manage
                    customer identities using an agent token.

                    - `cookie` — for frontend apps that use browser cookies to
                    identify customers.

                    - `identity_token` — for exchanging an identity transfer
                    token for a customer access token.
                client_id:
                  type: string
                  format: hex
                  description: The client ID for which the token is being issued.
                redirect_uri:
                  type: string
                  format: url
                  description: >-
                    The redirect URI. Required for `grant_type=cookie`. If not
                    provided, the value of the `Origin` header is used.
                organization_id:
                  type: string
                  format: uuid
                  description: >-
                    The organization ID for which the token is being issued.
                    Required only if `grant_type=cookie`.
                entity_id:
                  type: string
                  format: uuid
                  description: >-
                    The entity ID for which the token is being issued. The
                    entity (customer) must already exist. Can be used only for
                    `grant_type=agent_token`.
                expires_in:
                  type: integer
                  format: uint64
                  description: The access token lifetime, in seconds.
                code:
                  type: string
                  description: >-
                    An identity transfer token. Can be used only for
                    `grant_type=identity_token`.
                code_verifier:
                  type: string
                  description: >-
                    A code verifier, as in the OAuth2 PKCE flow. Can be used
                    only for `grant_type=identity_token`.
      responses:
        '200':
          description: 'OK: Returns token details.'
          headers:
            Set-Cookie:
              schema:
                type: string
                description: The customer ID cookie. Returned only if `grant_type=cookie`.
                example: >-
                  __lc_cid=3aa138c1-c137-41c6-6b26-cface5857378; Path=/customer;
                  Domain=accounts.livechat.com; Expires=Sun, 18 Jun 2023
                  12:26:02 GMT; Max-Age=63072000; HttpOnly; Secure;
                  SameSite=None
            X-Set-Cookie-CST:
              schema:
                type: string
                description: >-
                  The customer secure token cookie. Returned only if
                  `grant_type=cookie`.
                example: >-
                  __lc_cst=87b9d0222e63e349da85535d07c81e1e1fb938de41f4e16e1d9ba5965f25db4aeea46b39d0fb;
                  Path=/customer; Domain=accounts.livechat.com; Expires=Sun, 18
                  Jun 2023 12:26:02 GMT; Max-Age=63072000; HttpOnly; Secure;
                  SameSite=None
          content:
            application/json:
              schema:
                description: OAuth 2 `Bearer` token
                type: object
                properties:
                  access_token:
                    type: string
                    description: The access token value.
                  client_id:
                    type: string
                    format: hex
                    description: The client ID for which the token was issued.
                  entity_id:
                    type: string
                    format: uuid
                    description: The entity ID for which the token was issued.
                  expires_in:
                    type: integer
                    format: uint64
                    description: The access token lifetime, in seconds.
                  organization_id:
                    type: string
                    format: uuid
                    description: The organization ID for which the token was issued.
                  token_type:
                    type: string
                    description: The access token type.
        '401':
          description: Unauthorized, missing or invalid authorization
          content:
            application/json:
              schema:
                description: Default error object
                type: object
                properties:
                  oauth_exception:
                    type: string
                    enum:
                      - bad_request
                      - invalid_request
                      - unauthorized_client
                      - access_denied
                      - server_error
                      - temporarily_unavailable
                      - unsupported_grant_type
                      - invalid_grant
                      - invalid_client
                      - forbidden
                      - conflict
                      - resource_not_found
                    description: The OAuth 2.0 error code.
                  exception_description:
                    type: string
                    description: A human-readable description of the error.
        '500':
          description: Server Error
      security:
        - {}
        - Cookie Auth: []
        - OAuth2 Agent Bearer Token: []
components:
  securitySchemes:
    Cookie Auth:
      type: apiKey
      in: cookie
      name: __lc_cid
    OAuth2 Agent Bearer Token:
      description: This API uses OAuth2 for agents with the Implicit grant flow.
      type: oauth2
      flows:
        implicit:
          authorizationUrl: https://accounts.livechat.com
          scopes: {}
        authorizationCode:
          authorizationUrl: https://accounts.livechat.com
          tokenUrl: https://accounts.livechat.com/token
          scopes: {}

````