> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pinecone.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Create an access token
> Obtain an access token for a service account using the OAuth2 client credentials flow. An access token is needed to authorize requests to the Pinecone Admin API.
The host domain for OAuth endpoints is `login.pinecone.io`.
```bash curl theme={null}
curl "https://login.pinecone.io/oauth/token" \ # Note: Base URL is login.pinecone.io
-H "X-Pinecone-Api-Version: 2026-04" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "client_credentials",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"audience": "https://api.pinecone.io/"
}'
```
```json curl theme={null}
{
"access_token":"YOUR_ACCESS_TOKEN",
"expires_in":86400,
"token_type":"Bearer"
}
```
## OpenAPI
````yaml https://raw.githubusercontent.com/pinecone-io/pinecone-api/refs/heads/main/2026-04/oauth_2026-04.oas.yaml post /oauth/token
openapi: 3.0.3
info:
title: Pinecone OAuth API
description: |
Provides an API for authenticating with Pinecone.
contact:
name: Pinecone Support
url: https://support.pinecone.io
email: support@pinecone.io
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0
version: 2026-04
servers:
- url: https://login.pinecone.io
security: []
tags:
- name: OAuth
description: Authentication using the OAuth2 protocol.
paths:
/oauth/token:
post:
tags:
- OAuth
summary: Create an access token
description: >
Obtain an access token for a service account using the OAuth2 client
credentials flow. An access token is needed to authorize requests to the
Pinecone Admin API.
The host domain for OAuth endpoints is `login.pinecone.io`.
operationId: get_token
parameters:
- in: header
name: X-Pinecone-Api-Version
description: Required date-based version header
required: true
schema:
default: 2026-04
type: string
style: simple
requestBody:
description: |
A request to exchange client credentials for an access token.
content:
application/json:
schema:
$ref: '#/components/schemas/TokenRequest'
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/TokenRequest'
required: true
responses:
'200':
description: A response that contains the access token.
content:
application/json:
schema:
$ref: '#/components/schemas/TokenResponse'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'429':
description: Too many requests.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'501':
description: Not implemented.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'503':
description: Service unavailable.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
components:
schemas:
TokenRequest:
example:
audience: https://api.pinecone.io/
client_id: I1r8m4i6jX9JTFYk0t3q85HWzciEgcA5
client_secret: EriX...j2ci
grant_type: client_credentials
description: A request to obtain an access token.
type: object
properties:
client_id:
description: |
The service account's client ID.
type: string
client_secret:
description: |
The service account's client secret.
type: string
grant_type:
description: |
The type of grant to use.
x-enum:
- client_credentials
type: string
audience:
description: |
The audience for the token.
x-enum:
- https://api.pinecone.io/
type: string
required:
- client_id
- client_secret
- grant_type
- audience
TokenResponse:
example:
access_token: eyJz93a...k4laUWw
expires_in: 1800
token_type: Bearer
description: A response that contains the access token.
type: object
properties:
access_token:
description: The access token.
type: string
token_type:
description: |-
The type of token.
Possible values: `Bearer`.
x-enum:
- Bearer
type: string
expires_in:
description: The number of seconds until the token expires.
type: integer
required:
- access_token
- token_type
- expires_in
ErrorResponse:
example:
error: access_denied
error_description: Unauthorized
description: A response indicating that an error occurred.
type: object
properties:
error:
description: A code identifying the error that occurred.
type: string
error_description:
description: A human-readable description of the error.
type: string
````