# Request an access token

Access tokens are used in token-based authentication to grant applications access to APIs on behalf of a user. After a user successfully logs in and authorizes access, the application receives an access token. This token acts as a credential that the application uses to identify itself and the authorized user when calling the target API.

**Prerequisite: IP allowlisting**

You must add any IP addresses that will be connecting to Ripple servers to the [IP allowlist](/products/payments-direct/api-docs/best-practices/ip-allowlisting/).

You must include a valid access token in your request header when you send requests to secured API endpoints. To get an access token, you must have your client ID and client secret.

Learn how to [generate a client ID and client secret](/products/payments-direct/api-docs/payments-direct-api/reference/payments-direct-api/section/api-authentication) for use with Ripple APIs.

### Request format

To get an authentication token for the **test** environment, send a `POST` request to the following URL:

```
https://auth-test.rnc.ripplenet.com/oauth/token
```

## Authentication request

To get an access token, use the [request an access token](/products/payments-direct/api-docs/payments-direct-api/reference/payments-direct-api/authentication/authenticate) operation with your `client_id` and `client_secret`. Include the `audience` and `grant_type` as shown in the example below.

The value of the `audience` field is based on [URN](https://en.wikipedia.org/wiki/Uniform_Resource_Name) syntax.

**Format**: `urn:ripplexcurrent-ENVIRONMENT_STRING:YOUR_TENANT_ID`

**Example**: `urn:ripplexcurrent-test:YOUR_TENANT_ID`

## Authentication response

Store the `access_token` in the response for use with all other API operations.
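
The request and response handling described on this page, as an added Python example using only the standard library (not Ripple's own code). The JSON body encoding, the `client_credentials` value for `grant_type`, the character restriction in `build_audience`, and the `RIPPLE_CLIENT_ID` / `RIPPLE_CLIENT_SECRET` environment variable names are assumptions.

```python
import json
import os
import re
import urllib.request

# Test-environment token URL given on this page.
TOKEN_URL = "https://auth-test.rnc.ripplenet.com/oauth/token"

def build_audience(environment: str, tenant_id: str) -> str:
    """Return urn:ripplexcurrent-ENVIRONMENT_STRING:YOUR_TENANT_ID."""
    # Assumption: allow only a conservative character set so a stray colon,
    # space or newline cannot change the structure of the URN.
    for part in (environment, tenant_id):
        if not re.fullmatch(r"[A-Za-z0-9_-]+", part):
            raise ValueError("unexpected character in audience component")
    return f"urn:ripplexcurrent-{environment}:{tenant_id}"

def build_token_request(client_id: str, client_secret: str, audience: str) -> urllib.request.Request:
    """Build (but do not send) the POST to the token endpoint."""
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
        "grant_type": "client_credentials",  # assumption: standard OAuth 2.0 value
    }
    return urllib.request.Request(
        TOKEN_URL,
        data=json.dumps(body).encode("utf-8"),  # assumption: JSON-encoded body
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def extract_access_token(raw: bytes) -> str:
    """Return access_token from the response body, or raise if it is absent."""
    doc = json.loads(raw)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    return token

def fetch_access_token(environment: str, tenant_id: str) -> str:
    """Request a token; credentials come from the environment, not source code."""
    request = build_token_request(
        os.environ["RIPPLE_CLIENT_ID"],      # hypothetical variable name
        os.environ["RIPPLE_CLIENT_SECRET"],  # hypothetical variable name
        build_audience(environment, tenant_id),
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return extract_access_token(response.read())
```

The request body carries the client secret and the response carries the token, so neither should be written to application logs.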