> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goantiai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Issue a Token

> Get a short-lived access token for your agent.

Tokens are short-lived credentials your agent uses to authenticate to downstream services. The SDK handles this automatically.

## How it works

```
Agent → Anti AI (client_id + client_secret + scope)
              ↓ policy check
         Issue JWT (signed, expires in 10 min)
              ↓
Agent ← access_token + expires_in
```

## Request a token

<Tabs>
  <Tab title="Python">
    ```python theme={null}
    from oculus_sdk import OculusClient

    client = OculusClient(
        client_id="YOUR_CLIENT_ID",
        client_secret="YOUR_CLIENT_SECRET",
    )

    token = client.get_token(scope="db:read")
    ```
  </Tab>

  <Tab title="TypeScript">
    ```typescript theme={null}
    import { OculusClient } from '@oculus/sdk';

    const client = new OculusClient({
      clientId: 'YOUR_CLIENT_ID',
      clientSecret: 'YOUR_CLIENT_SECRET',
    });

    const token = await client.getToken('db:read');
    ```
  </Tab>

  <Tab title="cURL">
    ```bash theme={null}
    curl -X POST https://api.antiailabs.com/oauth/token \
      -d "grant_type=client_credentials" \
      -d "client_id=YOUR_CLIENT_ID" \
      -d "client_secret=YOUR_CLIENT_SECRET" \
      -d "scope=db:read"
    ```
  </Tab>
</Tabs>

## Token lifetimes

| Situation                                           | Lifetime              |
| --------------------------------------------------- | --------------------- |
| Standard                                            | 10 minutes            |
| High-risk scopes (`*:write`, `*:delete`, `*:admin`) | 15 minutes max        |
| Custom per-agent TTL                                | 5 minutes to 24 hours |

<Warning>
  Tokens with write or admin scopes are capped at 15 minutes regardless of your custom TTL. This cannot be disabled.
</Warning>

The SDK caches tokens, renews them before expiry, and detects revocations via background TRL polling every 15 seconds. You never manage token lifetimes manually.
