Skip to main content

POST /auth/issue-token

POSThttps://api.courier.com/auth/issue-token
Returns a new access token.
BODY PARAM
scopestringrequired
Permissions to apply to the token.
expires_instring
A string describing the time span the token is valid for. Can also be a number instead of a string (in seconds). See https://github.com/vercel/ms for examples.
Responses
AUTH TOKEN
curl --request POST \
--url https://api.courier.com/auth/issue-token \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '
{
"scope": "user_id:me read:messages",
"expires_in": "2 days"
}
'
Response Example
{
"token": "5e2b2615.05efbb3acab9172f88dd3f6f"
}

Usage

This token can be used as a bearer token in place of a normal API Key for the following endpoints:

  • PUT | PATCH /users/:user_id/tokens/:token (must have write:user-tokens scope).
  • GET /users/:user_id/tokens/:token (must have read:user-tokens scope).
  • GraphQL (POST) /client/q Required permissions depend on query / mutation.
    • messages Requires read:messages scope.

Notes:

  • Endpoints that are tied to a user_id require the user_id to be listed in the scope field (i.e user_id:123)

Available Scopes

  • user_id:<user-id> - Gives the token access to a given user. Multiple can be listed. Ex user_id:pigeon user_id:bluebird. User ID scopes must be used in conjunction with other scopes to specify which resources of the user the token can access.
  • read:messages - Gives the token access to read messages. Must be used in conjunction with one or more user_ids.
  • read:user-tokens - Gives the token access to read user tokens. Must be used in conjunction with one or more user_id scopes.
  • write:user-tokens - Gives the token access to write user tokens. Must be used in conjunction with one or more user_id scopes.