# Client credentials tokens A client credentials token provides partner accounts with application-level access to the Wise Platform API, and is used for requests that aren't tied to a specific Wise user. Client credentials tokens are most frequently used to: - Create [un-authenticated quotes](/api-reference/quote/quotecreateunauthenticated) - Create and retrieve [application webhook subscriptions](/api-reference/webhook/webhookapplicationsubscriptioncreate) - Setting [spend controls on issued cards](/api-reference/spend-controls) ## Prerequisites Before you begin, make sure you have: - Your **client ID** and **client secret** (retrieve via [Developer Hub](https://wise.com/developer-hub)) - [Configured mTLS](/guides/developer/auth-and-security/mtls), which is required for all OAuth 2.0 partners ## Obtain a client credentials token Make a [create an OAuth token request](/api-reference/oauth-token/oauthtokencreate) using basic authentication with your `client_id` and `client_secret`. **Endpoint**: `POST /oauth/token` Request ``` curl -X POST https://api.wise.com/oauth/token \ -u ':' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'grant_type=client_credentials' ``` Response The response returns the token value in the `access_token` field. ``` { "access_token": "01234567-89ab-cdef-0123-456789abcdef", "token_type": "bearer", "expires_in": 43199, "expires_at": "2026-04-11T03:43:28.148Z", "scope": "transfers" } ``` ## Using the client credentials token Include the token in the `Authorization` header of any application-level API requests. **Example**: ``` curl -i -X POST https://api.wise.com/v3/quotes \ -H 'Authorization: Bearer ' \ ``` ## Managing token expiration Client credentials tokens expire after 12 hours. Request a new token before the token’s expiration to avoid a `401 unauthorized` error. To avoid an expiration error, your application should: - **Track the expiry time** using the `expires_in` value from the token response. - **Request a new token** at application startup and refresh when about 80% of the TTL has elapsed. - **Don't persist the token**. Treat it as ephemeral and request a new one when needed.