# Using HTTP Requests Other than the current flow in the SDK, you can also request for OAuth Tokens using http requests directly to Cotter's server. You need to have either: * [Cotter's Identity Token](https://docs.cotter.app/older-api/validating-cotters-token) that you get from verifying user's email/phone number OR * [Cotter's Event Token](https://docs.cotter.app/older-api/validating-cotters-event-response) that you get from authenticating using Trusted Device, Biometric or Pin. ## Getting Tokens using Identity Token After successfully verifying user's email or phone number, you'll receive [Cotter's Identity Token](https://docs.cotter.app/older-api/validating-cotters-token). Pass it to the body of the request under field `identity_token` ```javascript curl -XPOST \ -H 'API_KEY_ID: ' \ -H 'API_SECRET_KEY: ' \ -H "Content-type: application/json" \ -d '{ "grant_type": "identity_token", "identity_token": { // 👈 Put Identity Token Here "expire_at": "1588849208", "identifier": "hello@gmail.com", "identifier_id": "e8a47aff-f520-4b8d-952b-79d36d10fb3e", "identifier_type": "EMAIL", "receiver": "", "signature": "21P6mXSF2x357kZGkEMQTRTn3r...", "timestamp": "1586257208" } }' 'https://www.cotter.app/api/v0/token' ``` ## Getting Tokens using Identity Token `POST` `https://www.cotter.app/api/v0/token` Getting OAuth tokens using Cotter's Identity Token #### Headers | Name | Type | Description | | ---------------- | ------ | --------------------- | | API\_KEY\_ID | string | Your `API_KEY_ID` | | API\_SECRET\_KEY | string | Your `API_SECRET_KEY` | | Content-type | string | application/json | #### Request Body | Name | Type | Description | | --------------- | ------ | -------------------------------------------------------------------------------------------------- | | grant\_type | string | Grant type is `identity_token` | | identity\_token | object | Cotter's Identity Token returned to you after successfully verifying user's email or phone number. | {% tabs %} {% tab title="200 Receive the access\_token, id\_token and refresh\_token" %} ```javascript { "access_token": "eyJhbGciOiJFUzI1Ni...", "auth_method": "OTP", "expires_in": 3600, "id_token": "eyJhbGciOiJFUzI1N...", "refresh_token": "17:nQEk14mCp4sQs5...", "token_type": "Bearer" } ``` {% endtab %} {% endtabs %} ## Getting Tokens using Event Token After successfully authenticating users using Trusted Devices, you will receive [Cotter's Event Token.](https://docs.cotter.app/older-api/validating-cotters-event-response) Pass it to the body of the request under field `event_token` ```javascript curl -XPOST \ -H 'API_KEY_ID: ' \ -H 'API_SECRET_KEY: ' \ -H "Content-type: application/json" \ -d '{ "grant_type": "event_token", "event_token": { // 👈 Put Event Token Here "CreatedAt": "2020-04-07T11:09:03.246703978Z", "DeletedAt": null, "ID": 264, "UpdatedAt": "2020-04-07T11:09:03.246703978Z", "approved": true, "client_user_id": "xyzABC123", "event": "LOGIN", "ip": "73.15.208.6", "issuer": "", "location": "San Francisco", "method": "TRUSTED_DEVICE", "new": false, "signature": "CLQUgAUEuMebLAEQ...", "timestamp": "1586257743" } }' 'https://www.cotter.app/api/v0/token' ``` ## Getting Tokens using Event Token `POST` `https://www.cotter.app/api/v0/token` Getting OAuth tokens using Cotter's Event Token #### Headers | Name | Type | Description | | ---------------- | ------ | --------------------- | | API\_KEY\_ID | string | Your `API_KEY_ID` | | API\_SECRET\_KEY | string | Your `API_SECRET_KEY` | | Content-type | string | application/json | #### Request Body | Name | Type | Description | | ------------ | ------ | ----------------------------------------------------------------------------------------------- | | grant\_type | string | Grant type is `event_token` | | event\_token | object | Cotter's Event Token returned to you after successfully authenticate users using Trusted Device | {% tabs %} {% tab title="200 " %} ``` ``` {% endtab %} {% endtabs %}