# Retrieve the access token issued by a third-party enterprise SSO provider

**GET /api/my-account/sso-identities/{connectorId}/access-token**

This API retrieves the access token issued by a third-party enterprise SSO provider for a given SSO connector ID. 
Access is only available if token storage is enabled for the corresponding connector.
When a user authenticates through a SSO provider, Logto automatically stores the provider’s tokens in an encrypted form.
You can use this API to securely retrieve the stored access token and use it to access third-party APIs on behalf of the user.


## Servers
- Logto endpoint address.: https://[tenant_id].logto.app (Logto endpoint address.)


## Authentication methods
- O auth2


## Parameters

#### Path parameters
- **connectorId** (string)
  The unique identifier of the connector.



## Responses
### 200: The access token was retrieved successfully.

#### Body Parameters: application/json (object)
- **access_token** (string)
  
- **scope** (string)
  
- **token_type** (string)
  
- **expires_in** (number | string)
  

### 400: Bad Request

### 401: Permission denied, the access_token is expired and the offline_access scope is not granted or expired.

### 403: Forbidden

### 404: The SSO connector does not exist or the access token is not available.


[Powered by Bump.sh](https://bump.sh)