# API Privacy Access Token {% hint style="info" %} This endpoint fetches a privacy access token, which you need in order to fetch Privacy Data from a user. {% endhint %} {% hint style="info" %} NOTE: There is a service library available to you in the [Quadrata SDK](https://docs.quadrata.com/integration/how-to-integrate/quadrata-sdk/advanced/api-libraries/api-service-libraries/create-privacy-access-token), for this endpoint. {% endhint %} ## API endpoint to get a privacy access token `GET` `https://int.quadrata.com/api/v1/privacy/access/${account}` #### Path Parameters | Name | Type | Description | | ----------------------------------------- | ------ | --------------------- | | account\* | String | User's wallet address | #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------- | | Authorization\* | String | `Basic ${base64(apiKey)}` | | Date\* | String |

Date and time of current request

Wed, 04 Oct 2023 02:39:37 GMT

| | Signature\* | String | [API Signed Request](https://docs.quadrata.com/integration/how-to-integrate/request-privacy-data/api-requests/how-to-sign-api) Signature | {% tabs %} {% tab title="200: OK Privacy Access Tokens" %} ```json { "data": { "authToken": "...", "accessToken": "...", "type": "privacy.grants" } } ``` {% endtab %} {% tab title="401: Unauthorized Invalid Signature or API\_KEY" %} {% endtab %} {% tab title="403: Forbidden Privacy Consent Not Allowed" %} {% endtab %} {% tab title="400: Bad Request Invalid Request Payload" %} {% endtab %} {% endtabs %} This endpoint will return an auth token and an access token. Your dApp needs to combine them into one encoded string, delimited by a `:` and `base64` encoded, in order to use it as an `X-Access-Token` header to fetch PII data. {% hint style="danger" %} Privacy Access Tokens are one time use tokens. If you attempt to reuse an access token, you will receive a `401 Unauthorized` error. {% endhint %} {% tabs %} {% tab title="NodeJS" %} ```javascript const buffer = require('buffer'); const privateKeyDer = '...'; // You can find `getPrivateKeyFromDer` in "How to sign API"."Full Example" page const privateKey = await getPrivateKeyFromDer(privateKeyDer); const walletAddress = '...'; // You can find `makeRequest` in "How to sign API"."Full Example" page const json = await makeRequest({ method: 'get', privateKey: privateKey, path: `/api/v1/privacy/access/${walletAddress}` }); const { data: { authToken, accessToken } } = json; const xAccessToken = Buffer .from(`${authToken}:${accessToken}`) .toString('base64'); ``` {% endtab %} {% tab title="Python" %} ```python """ NOTE: you can find make_request in the full example located in the API Signed Requests documentation page """ import base64 wallet_address = '...' # You can find `make_request` in "How to sign API"."Full Example" page json = make_request(f'/api/v1/privacy/access/{wallet_address}') auth_token = json['data']['authToken'] access_token = json['data']['accessToken'] x_access_token = base64.b64encode( f'{auth_token}:{access_token}'.encode('utf-8') ).decode('utf-8') ``` {% endtab %} {% endtabs %} {% hint style="info" %} See [***How to sign API***](https://docs.quadrata.com/integration/how-to-integrate/request-privacy-data/api-requests/how-to-sign-api) for message signing examples with more coverage and explanations. {% endhint %}