# Client Credentials Flow

The purpose of following the OAuth2 flow is to help you retrieve an access token using your application's private client credentials.
Complete details of the specification are available in [RFC 6749 section 4.4](https://www.rfc-editor.org/rfc/rfc6749#section-4.4).

Send the following parameters www-form-encoded in the request body to the token endpoint:

| Environment | Token Endpoint |
|  --- | --- |
| Production | https://auth.dailypay.com/oauth2/token |
| UAT | https://auth.uat.dailypay.com/oauth2/token |


The resulting access token can be used to make requests to the DailyPay REST API:

> The authorization code, access token, and refresh tokens can vary in size but will typically remain under 4096 bytes.