Retrieving an access token

You must get an IBM Cloud® Identity and Access Management (IAM) access token to authenticate your requests to the IBM® Cloud Logs Routing service.

Retrieving an access token with the CLI

You can use the IBM Cloud CLI to quickly generate your personal Cloud IAM access tokenA value used by the consumer to gain access to the protected resources on behalf of the user, instead of using the user's service provider credentials..

Log in to IBM Cloud with the IBM Cloud CLI.
```
ibmcloud login
```
If the login fails, run the ibmcloud login --sso command to try again. The --sso parameter is required when you log in with a federated ID. If this option is used, go to the link listed in the CLI output to generate a one-time pass code.
Run the following command to retrieve your IBM Cloud IAM access token and export it as an environment variable by running the following command:
```
export IAM_TOKEN=`ibmcloud iam oauth-tokens --output json | jq -r '.iam_token'`
```

Retrieving an access token with the API

You can also retrieve your access token programmatically by first creating a service ID API key for your application, and then exchanging your API key for an IBM Cloud IAM token.

Create a service ID API key.

Call the IAM Identity Services API to retrieve your access token.

$ curl -X POST \
    "https://iam.cloud.ibm.com/identity/token" \
    -H "content-type: application/x-www-form-urlencoded" \
    -H "accept: application/json" \
    -d 'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=<API_KEY>' > token.json

In the request, replace <API_KEY> with the API key that you created in the previous step. The following truncated example shows the contents of the token.json file:

{
    "access_token": "b3VyIGZhdGhlc...",
    "expiration": 1512161390,
    "expires_in": 3600,
    "refresh_token": "dGhpcyBjb250a...",
    "token_type": "Bearer"
}

Access tokens are valid for 1 hour, but you can regenerate them as needed.