# Step 3: Request an Access Token

To make authenticated requests on behalf of the user, the `authorization_code` must be exchanged for an access token. To request an access token, your application should send the this request.

Store both the `access_token` and the `refresh_token`. The access token can be used immediately to make authenticated requests but it expires after the `expires_in` seconds. The refresh token can be used to refresh both tokens.

{% hint style="info" %}
**Note:** Be sure to set the `Content-Type` header field of your request to: 

`Content-Type: application/x-www-form-urlencoded`
{% endhint %}

A valid request should follow this format (line breaks added for clarity):

```
GET https://api.parqex.com/oauth/v2/endpoints/token/?
    client_id=<CLIENT_ID>&
    client_secret=<CLIENT_SECRET>&
    grant_type=authorization_code&
    code=<AUTHORIZATION_CODE>&
    redirect_uri=<ENCODED_REDIRECT_URL>
```