Generate tokens

Generate a new JWT access token with specific permissions. The calling token must have token:generate or token:* permission, and can only grant permissions it already holds.

Request parameters

subject

string

required

Identifier for the token subject (e.g., service name, user ID).

permissions

array<string>

required

Set of permission scopes to grant. See available permissions.

name

string

Optional human-readable name for the token.

expires_seconds

integer

default:"3600"

Token lifetime in seconds. Defaults to 1 hour.

audiences

array<string>

Optional list of intended audiences for the token.

not_before_seconds

integer

Optional delay before the token becomes valid.

Generate a token

TypeScript
Python
cURL

// TODO: Add TypeScript SDK example for token generation

# TODO: Add Python SDK example for token generation

curl -X POST "${API_URL}/v1/token/generate" \
  -H "Authorization: Bearer ${API_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "subject": "my-service",
    "permissions": ["workflow:document", "file:upload"],
    "expires_seconds": 86400
  }'

{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "jti": "550e8400-e29b-41d4-a716-446655440000"
}

Response fields

token

string

The signed JWT to use in Authorization: Bearer headers.

jti

string

Unique token identifier (JWT ID). Use this to revoke the token later.

Store the returned token securely. It cannot be retrieved again after generation.

Getting started

Connectors

Configuration

Outputs

Jobs

Files

Admin

Request parameters

Generate a token

Response fields

Getting started

Connectors

Configuration

Outputs

Jobs

Files

Admin

​Request parameters

​Generate a token

​Response fields

Request parameters

Generate a token

Response fields