# Using HTTP Requests

Other than the current flow in the SDK, you can also request for OAuth Tokens using http requests directly to Cotter's server. 

You need to have either: 

* [Cotter's Identity Token](/older-api/validating-cotters-token.md) that you get from verifying user's email/phone number  OR
* [Cotter's Event Token](/older-api/validating-cotters-event-response.md) that you get from authenticating using Trusted Device, Biometric or Pin.

## Getting Tokens using Identity Token

After successfully verifying user's email or phone number, you'll receive [Cotter's Identity Token](/older-api/validating-cotters-token.md). Pass it to the body of the request under field `identity_token`

```javascript
curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H 'API_SECRET_KEY: <YOUR API SECRET KEY>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "identity_token",
  "identity_token": {                // 👈 Put Identity Token Here
    "expire_at": "1588849208",
    "identifier": "hello@gmail.com",
    "identifier_id": "e8a47aff-f520-4b8d-952b-79d36d10fb3e",
    "identifier_type": "EMAIL",
    "receiver": "<YOUR API KEY ID>",
    "signature": "21P6mXSF2x357kZGkEMQTRTn3r...",
    "timestamp": "1586257208"
  }
}' 'https://www.cotter.app/api/v0/token'
```

## Getting Tokens using Identity Token

<mark style="color:green;">`POST`</mark> `https://www.cotter.app/api/v0/token`

Getting OAuth tokens using Cotter's Identity Token

#### Headers

| Name             | Type   | Description           |
| ---------------- | ------ | --------------------- |
| API\_KEY\_ID     | string | Your `API_KEY_ID`     |
| API\_SECRET\_KEY | string | Your `API_SECRET_KEY` |
| Content-type     | string | application/json      |

#### Request Body

| Name            | Type   | Description                                                                                        |
| --------------- | ------ | -------------------------------------------------------------------------------------------------- |
| grant\_type     | string | Grant type is `identity_token`                                                                     |
| identity\_token | object | Cotter's Identity Token returned to you after successfully verifying user's email or phone number. |

{% tabs %}
{% tab title="200 Receive the access\_token, id\_token and refresh\_token" %}

```javascript
{
  "access_token": "eyJhbGciOiJFUzI1Ni...",
  "auth_method": "OTP",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJFUzI1N...",
  "refresh_token": "17:nQEk14mCp4sQs5...",
  "token_type": "Bearer"
}
```

{% endtab %}
{% endtabs %}

## Getting Tokens using Event Token

After successfully authenticating users using Trusted Devices, you will receive [Cotter's Event Token.](/older-api/validating-cotters-event-response.md) Pass it to the body of the request under field `event_token`

```javascript
curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H 'API_SECRET_KEY: <YOUR API SECRET KEY>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "event_token",
  "event_token": {                  // 👈 Put Event Token Here
    "CreatedAt": "2020-04-07T11:09:03.246703978Z",
    "DeletedAt": null,
    "ID": 264,
    "UpdatedAt": "2020-04-07T11:09:03.246703978Z",
    "approved": true,
    "client_user_id": "xyzABC123",
    "event": "LOGIN",
    "ip": "73.15.208.6",
    "issuer": "<YOUR API KEY ID>",
    "location": "San Francisco",
    "method": "TRUSTED_DEVICE",
    "new": false,
    "signature": "CLQUgAUEuMebLAEQ...",
    "timestamp": "1586257743"
  }
}' 'https://www.cotter.app/api/v0/token'
```

## Getting Tokens using Event Token

<mark style="color:green;">`POST`</mark> `https://www.cotter.app/api/v0/token`

Getting OAuth tokens using Cotter's Event Token

#### Headers

| Name             | Type   | Description           |
| ---------------- | ------ | --------------------- |
| API\_KEY\_ID     | string | Your `API_KEY_ID`     |
| API\_SECRET\_KEY | string | Your `API_SECRET_KEY` |
| Content-type     | string | application/json      |

#### Request Body

| Name         | Type   | Description                                                                                     |
| ------------ | ------ | ----------------------------------------------------------------------------------------------- |
| grant\_type  | string | Grant type is `event_token`                                                                     |
| event\_token | object | Cotter's Event Token returned to you after successfully authenticate users using Trusted Device |

{% tabs %}
{% tab title="200 " %}

```
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cotter.app/getting-access-token/older-api/untitled.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.