According to an example aspect of the present invention, there is provided an apparatus configured to process a request for an access token authorizing access for a network function consumer to a service provided by a network function producer, the request being received in the apparatus from a service communication proxy, wherein the processing comprises one or more of the following verification: verification that a credential data element comprised in the request, cryptographically signed by the network function consumer, identifies the request, the service or a type of the service, and verification with reference to a further node, or to a profile of the network function consumer, that the service communication proxy is authorized to act on behalf of the network function consumer, and transmit, responsive to at least one of the verifications being successful, the requested access token, the access token comprising an indication of the service communication proxy.