# Requesting a scoped API Token With STAC Privileges

In this tutorial, we will request an access token from the platform API, and then request a scoped API token with STAC privileges from the [create STAC token](https://api.carbonmapper.org/api/v1/docs#/Account/account_api_token_tokens_create_stac) endpoint.

Endpoint access levels are determined by token scopes. While some endpoints are entirely public and others private, some others return different results depending on the authorization afforded by the token scope and the group that the account belongs to. The default scopes provided to a newly registered account are _STAC_ and _catalog:read_, and will belong to the _Public_ group. Information about public, catalog, and STAC endpoints can be found in the [Carbon Mapper platform API documentation](https://carbonmapper.org/api/v1/docs/).

A Carbon Mapper platform account [registration](https://platform.carbonmapper.org/account/register/) is required in order to request the access token used to grant the scoped API token.

In [None]:
import getpass
import json
from datetime import datetime, timedelta

import requests


base_url = "http://localhost:8080/api/v1/"

# Request an account token
account_token_path = "token/pair"
account_email = input("Enter the email address associated with your Carbon Mapper account: ")
account_password = getpass.getpass("Enter the password associated with your Carbon Mapper account: ")
payload = {
    "email": account_email,
    "password": account_password,
}

response = requests.post(
    f"{base_url}{account_token_path}",
    json=payload,
)
response.raise_for_status()

access_token = response.json()["access"]

# Request a scoped token with STAC privileges
stac_token_path = "account/tokens/create-stac"
stac_token_name = input("Enter the token name: ")
# The token should expire one week from today
expiration_date = datetime.now() + timedelta(days=7)
payload = {
    "expiration_date": expiration_date.strftime("%Y-%m-%d"),
    "name": stac_token_name,
}

response = requests.post(
    f"{base_url}{stac_token_path}",
    json=payload,
    headers={"Authorization": f"Bearer {access_token}"},
)
response.raise_for_status()

print(json.dumps(response.json(), indent=4))