# Create client credentials token

Create an account (tenant) API token.

You can retrieve roles and permissions via the API.

Endpoint: POST /resources/tenants/api-tokens/v2
Security: bearer

## Header parameters:

  - `frontegg-tenant-id` (string, required)
    The account (tenant) ID identifier

## Request fields (application/json):

  - `metadata` (object)
    Extra data that will be encoded as part of the JWT

  - `description` (string)

  - `roleIds` (array)
    Array of role Ids. Either this or permissionIds must be provided, but not both.

  - `permissionIds` (array)
    Array of permission Ids. Either this or roleIds must be provided, but not both. roleIds will override permissionIds.

  - `expiresInMinutes` (number)
    Token expiration time in minutes. In case of undefined, the token won't be expired

## Response 201 fields (application/json):

  - `clientId` (string, required)

  - `description` (string,null, required)

  - `tenantId` (string, required)

  - `secret` (string, required)

  - `createdByUserId` (string,null, required)

  - `metadata` (object, required)
    Extra data that will be encoded as part of the JWT

  - `createdAt` (string, required)

  - `permissionIds` (array)
    Array of permission Ids

  - `roleIds` (array)
    Array of role Ids

  - `expires` (string)