Skip to main content

Generating a JWT

To generate a JWT, make a POST request to the Courier API with the required scopes and authentication details: 
POST https://api.courier.com/auth/issue-token

Full Tenant Access

Grants access to all tenants and their notification data. 
curl --request POST \
  --url https://api.courier.com/auth/issue-token \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer $YOUR_AUTH_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
    "scope": "user_id:$YOUR_USER_ID tenants:read tenants:notifications:read tenants:notifications:write",
    "expires_in": "30 days"
  }'

Specific Tenant Notification Access

Limits access to a specific tenant. 
curl --request POST \
  --url https://api.courier.com/auth/issue-token \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer $YOUR_AUTH_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
    "scope": "user_id:$YOUR_USER_ID tenant:tenant-123:read tenant:tenant-123:notification:read tenant:tenant-123:notification:write",
    "expires_in": "30 days"
  }'

Available JWT Scopes

Use these scopes to fine-tune access and secure your integration. Ensure your frontend tokens are limited to the least privileges necessary for the intended operations.
  • tenants:read | Read all tenant data
  • tenants:notifications:read | Read all notification templates
  • tenants:notifications:write | Write notification templates
  • tenants:brand:read | Read brand settings across tenants
  • tenant:$TENANT_ID:read | Read data for a specific tenant
  • tenant:$TENANT_ID:notification:read | Read specific tenant’s notifications
  • tenant:$TENANT_ID:notification:write | Write specific tenant’s notifications
  • tenant:$TENANT_ID:brand:read | Read brand settings for a specific tenant
  • tenant:$TENANT_ID:brand:write | Write brand settings for a specific tenant