> For clean Markdown content of this page, append .md to this URL. For the complete documentation index, see https://learning.postman.com/llms.txt. For full content including API reference and SDK examples, see https://learning.postman.com/llms-full.txt.

# Generate a Service Account Token

POST https://api.getpostman.com/service-account-tokens

Exchanges a service account API key for a short-lived access token. On success, the response contains an access token that can be used to authenticate downstream service-to-service requests on behalf of the service account. The token is a JWT that encodes the service account's identity and permissions, and is valid for 15 minutes.

**Note:**

- The API key must belong to a service account. API keys that belong to regular users aren't supported.
- This endpoint authorizes the service account API through the `x-api-key` passed as a header.
- This endpoint has a rate limit of 10 requests per 10 second window per user.


Reference: https://learning.postman.com/api-docs/api-reference/service-accounts/generate-service-account-token

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Postman API
  version: 1.0.0
paths:
  /service-account-tokens:
    post:
      operationId: generateServiceAccountToken
      summary: Generate a Service Account Token
      description: >
        Exchanges a service account API key for a short-lived access token. On
        success, the response contains an access token that can be used to
        authenticate downstream service-to-service requests on behalf of the
        service account. The token is a JWT that encodes the service account's
        identity and permissions, and is valid for 15 minutes.


        **Note:**


        - The API key must belong to a service account. API keys that belong to
        regular users aren't supported.

        - This endpoint authorizes the service account API through the
        `x-api-key` passed as a header.

        - This endpoint has a rate limit of 10 requests per 10 second window per
        user.
      tags:
        - serviceAccounts
      parameters:
        - name: x-api-key
          in: header
          required: true
          schema:
            type: string
        - name: x-api-key
          in: header
          description: The service account API key, in PMAK format.
          required: true
          schema:
            $ref: '#/components/schemas/serviceAccountApiKey'
      responses:
        '200':
          description: Token Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/generateServiceAccountTokenResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/GenerateServiceAccountTokenRequestBadRequestError
        '401':
          description: Invalid API Key
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        '429':
          description: Too Many Requests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleDetailStatusInstance'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/GenerateServiceAccountTokenRequestInternalServerError
servers:
  - url: https://api.getpostman.com
    description: https://api.getpostman.com
  - url: https://api.eu.postman.com
    description: https://api.eu.postman.com
components:
  schemas:
    serviceAccountApiKey:
      type: string
      title: serviceAccountApiKey
    generateServiceAccountTokenResponse:
      type: object
      properties:
        access_token:
          type: string
          description: >-
            The JWT access token to use to authenticate downstream
            service-to-service requests.
      title: generateServiceAccountTokenResponse
    CommonErrorTypeTitleDetailDetail:
      oneOf:
        - type: string
        - type: object
          additionalProperties:
            description: Any type
      description: Information about the error.
      title: CommonErrorTypeTitleDetailDetail
    commonErrorTypeTitleDetail:
      type: object
      properties:
        type:
          type: string
          description: The type of error.
        title:
          type: string
          description: A short summary of the problem.
        detail:
          $ref: '#/components/schemas/CommonErrorTypeTitleDetailDetail'
          description: Information about the error.
      title: commonErrorTypeTitleDetail
    CommonErrorTypeTitleDetailStatusType:
      oneOf:
        - type: string
          format: uri-reference
        - type: string
      title: CommonErrorTypeTitleDetailStatusType
    commonErrorTypeTitleDetailStatus:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/CommonErrorTypeTitleDetailStatusType'
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: Information about the error.
        status:
          type: integer
          description: The error's HTTP status code.
      title: commonErrorTypeTitleDetailStatus
    CommonErrorNameMessageDetailsErrorDetails:
      oneOf:
        - type: object
          additionalProperties:
            description: Any type
        - type: array
          items:
            type: string
      description: Information about the error.
      title: CommonErrorNameMessageDetailsErrorDetails
    CommonErrorNameMessageDetailsError:
      type: object
      properties:
        name:
          type: string
          description: The error name.
        message:
          type: string
          description: The error message.
        details:
          $ref: '#/components/schemas/CommonErrorNameMessageDetailsErrorDetails'
          description: Information about the error.
      title: CommonErrorNameMessageDetailsError
    commonErrorNameMessageDetails:
      type: object
      properties:
        error:
          $ref: '#/components/schemas/CommonErrorNameMessageDetailsError'
      title: commonErrorNameMessageDetails
    GenerateServiceAccountTokenRequestBadRequestError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleDetail'
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        - $ref: '#/components/schemas/commonErrorNameMessageDetails'
      title: GenerateServiceAccountTokenRequestBadRequestError
    commonErrorTypeTitleDetailStatusInstance:
      type: object
      properties:
        type:
          type: string
          format: uri-reference
          description: >-
            The [URI reference](https://www.rfc-editor.org/rfc/rfc3986) that
            identifies the type of problem.
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: An explanation about the problem.
        status:
          type: integer
          description: The HTTP status code generated by the origin server.
        instance:
          type: string
          description: >-
            The URI reference that identifies the specific occurrence of the
            problem.
      title: commonErrorTypeTitleDetailStatusInstance
    CommonErrorNameMessageError:
      type: object
      properties:
        name:
          type: string
          description: The error name.
        message:
          type: string
          description: The error message.
      description: Information about the error.
      title: CommonErrorNameMessageError
    commonErrorNameMessage:
      type: object
      properties:
        error:
          $ref: '#/components/schemas/CommonErrorNameMessageError'
          description: Information about the error.
      title: commonErrorNameMessage
    GenerateServiceAccountTokenRequestInternalServerError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleDetail'
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        - $ref: '#/components/schemas/commonErrorNameMessage'
      title: GenerateServiceAccountTokenRequestInternalServerError
  securitySchemes:
    PostmanApiKey:
      type: apiKey
      in: header
      name: x-api-key
    scimApiKey:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        A valid [SCIM API
        key](https://learning.postman.com/docs/administration/scim-provisioning/scim-provisioning-overview/#generating-scim-api-key)
        for calls to SCIM endpoints.
    basicAuth:
      type: http
      scheme: basic

```

## Examples



**Response**

```json
{
  "access_token": "6994754074765fc179e6b941f61b469858e6d79157e0c3ae23b6d290177ca87487601df9efb7cd624dcef85c7278ace24673f973a20fdae1220c17cba6db3a27"
}
```

**SDK Code**

```python Token Created
import requests

url = "https://api.getpostman.com/service-account-tokens"

headers = {"x-api-key": "<apiKey>"}

response = requests.post(url, headers=headers)

print(response.json())
```

```javascript Token Created
const url = 'https://api.getpostman.com/service-account-tokens';
const options = {method: 'POST', headers: {'x-api-key': '<apiKey>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Token Created
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/service-account-tokens"

	req, _ := http.NewRequest("POST", url, nil)

	req.Header.Add("x-api-key", "<apiKey>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Token Created
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/service-account-tokens")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<apiKey>'

response = http.request(request)
puts response.read_body
```

```java Token Created
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.getpostman.com/service-account-tokens")
  .header("x-api-key", "<apiKey>")
  .asString();
```

```php Token Created
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.getpostman.com/service-account-tokens', [
  'headers' => [
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Token Created
using RestSharp;

var client = new RestClient("https://api.getpostman.com/service-account-tokens");
var request = new RestRequest(Method.POST);
request.AddHeader("x-api-key", "<apiKey>");
IRestResponse response = client.Execute(request);
```

```swift Token Created
import Foundation

let headers = ["x-api-key": "<apiKey>"]

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/service-account-tokens")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```