What fields are typically returned in a Marketing Cloud access token response?

• A. access_token, expires_in, token_type, rest_instance_url, soap_instance_url, scope
• B. username, realm
• C. client_id only
• D. token_secret

Answer: (A)

In Marketing Cloud, the access token response from OAuth 2.0 typically includes everything you need to make authenticated API calls: the access_token value you attach to requests, expires_in to know when it will lapse, and token_type (usually Bearer). It also provides the base URLs for API calls—rest_instance_url for REST and soap_instance_url for SOAP—so you know where to send your requests with the token. The scope field shows which permissions were granted. These fields together give you the token, its validity, how to use it, and where to direct your API calls. The other options don’t fit because username and realm aren’t part of the token response, token_secret isn’t used in this OAuth 2.0 flow, and client_id alone doesn’t supply the necessary token and endpoint details.