# Exchange an identity provider-signed token for a State Backed token

**POST /tokens**

Once you have configured at least one identity provider (by posting to /idps)
and at least one token provider (by posting to /token-providers), you can exchange
any identity provider token for a token generated by one of your token providers.

This allows you to have completely secure, end-to-end authorization with your
State Backed machine instances without any server-side code while using your
identity provider of choice.

This endpoint should generally conform to https://datatracker.ietf.org/doc/html/rfc8693



## Servers
- Production server: https://api.statebacked.dev (Production server)



## Parameters



## Body parameters
Content-type: 
Exchange an identity provider-signed token for a State Backed token.
- **grant_type** (string)
  The type of grant being requested
- **audience** (string)
  Identifies the token provider service to use to generate the token.

Must be of the form: `https://tokens.statebacked.dev/<your-org-id>/<token-provider-service-id>`

Where `your-org-id` can be found via `smply orgs list` and `token-provider-service-id`
is the `service` that you passed in your post to /token-providers.

- **requested_token-type** (string)
  The type of token being requested
- **subject_token** (string)
  A JWT signed by one of your configured identity providers (based on configurations posted to /idps)

## Responses
### 200: Your State Backed token

#### Body Parameters:  (object)
- **access_token** (string)
  Your State Backed access token.
- **issued_token_type** (string)
  
- **token_type** (string)
  


[Powered by Bump.sh](https://bump.sh)