# Access tokens

After finding a service endpoint to interact with, it's time to request an access token. You can request one via your own Nuts node:

```http
POST /internal/auth/v2/my_subject_identifier/request-service-access-token

{
  "authorization_server": "https://example.com/oauth2/other_subject_identifier",
  "scope": "coffee",
  "token_type": "Bearer",
  "credentials": [...]
}

```

- The `authorization_server` parameter is taken from the `authServerURL` registration parameter from the search result.
- The scope is determined by the use case.
- The `token_type` by default is `DPoP`, you can also choose for `Bearer`.
- You can pass additional holder credentials via `credentials`. This is a way to embed user identity tokens.

The `scope` is mapped by a policy file to a presentation definition. Policy files are provided by the use case. If your wallet contains the correct credentials according to the presentation definition, an access token will be given:

```json
{
  "access_token": "ciOiJSUzI1NiIsInR5cCI6Ikp",
  "token_type": "Bearer",
  "expires_in": 3600,
}
```

The `access_token` can then be put in the HTTP Authorization header.