# Generating access token
Follow these steps to generate access token
### Step 1 -> Create a custom app
* Login to your Eshopbox workspace
* Navigate to Apps > Create a custom app. Fill up the short form describing your app
* You can select to install the app in the current workspace. For test mode, you can also create a new development workspace.
* App will be created and pre-installed in the selected workspace. You can now copy the `client_id`, `client_secret` and `refresh_token`
### Step 2 -> Turn an app into a sales channel app (optional)
This step is required you are integrating a sales channel with Eshopbox workspace.
* In the **Sales channel** section, click **Turn app into sales channel**.
* On the next step, please select the field your app will use to identify the product while managing the inventory, creating and managing orders. Your app will use the value stored in this field to identify products while creating orders.
### Step 3 -> Refreshing access token
You need to exchange the Refresh Token you received in Step 1 for a Access Token, make a `POST` request to the `/oauth/token` endpoint in the Authentication API, using `grant_type=refresh_token`
```
POST https://auth.myeshopbox.com/api/v1/generateToken
```
In your request, the following parameters must be provided in the request body:
* `client_id`: The API key for the app, as defined in the step 1
* `client_secret`: The API secret key for the app, as defined in the step 1
* `grant_type`: The type of grant to execute. Use `refresh_token` to refresh a token.
* `refresh_token`: The Refresh Token to use.
The server responds with an access token:
```
{
"access_token": "eyJhbGciOiJSUzI1N...InR5cCI6IkpXVCIsI",
"id_token": "eyyRwffpgDlOyAxcv...OkguyrSHtteckIyueW",
"scope": "openid profile offline_access",
"expires_in": 86400,
"token_type": "Bearer"
}
```
The following values are returned:
* `access_token`: An API access token you will use for subsequent authenticated requests to the API. Your app should store the token somewhere to make authenticated requests.
* `scope`: The list of access scopes that were granted to the application and are associated with the access token. For example, `scope=openid,profile`.
* `expires_in`: The number of seconds until the access token expires.
* `token_type`: The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Right now this will only be `Bearer`.\
\
You need to keep regenerating the access token before it expires as mentioned in the `expires_in` field. [Learn more](https://eshop.gitbook.io/eshopbox-developers/basics/authentication/refresh-access-token)\
\
Now you can use the `access_token` to make Authenticated API requests.
