# Exchange an authentication token

Exchanges an authentication token for a JWT.

By default, this operation invalidates the exchanged authentication token.

Endpoint: POST /authentication-tokens/{token}/exchange
Version: latest
Security: SecretApiKey, JWT, PublishableApiKey

## Path parameters:

  - `token` (string, required)
    ID of the authentication token.

## Request fields (application/json):

  - `invalidate` (boolean)
    Specifies if the token must be invalidated after the exchange is performed.
    Example: true

  - `oneTimePassword` (string)
    One-time password that is sent by email.
    This value must contain digits only.
    Example: "123456"

  - `acl` (array)
    Access Control List (ACL) information.

  - `acl.scope` (object, required)
    Scope of the API key.

  - `acl.scope.organizationId` (array)
    Array of account IDs.
    Example: ["4f6cf35x-2c4y-483z-a0a9-158621f77a21"]

  - `acl.scope.productId` (array)
    Array of product IDs.
    Example: ["prod_0YV7DES3WPC5J8JD8QTVNZBZNZ"]

  - `acl.scope.planId` (array)
    Array of plan IDs.
    Example: ["plan_0YV7DENSVGDBW9S71XZNNYYQ0X"]

  - `acl.scope.customFieldName` (array)
    Array of custom field names.

  - `acl.permissions` (array, required)
    If you are creating a restricted API key, use this field to specify individual permissions.
    Use the wildcard character `*` to provide full access.

  - `customClaims` (object)
    Example: {"documents":["identity-proof","address-proof"],"redirectUrl":"https://mywebsite.com"}

  - `expiredTime` (string)
    Date and time when the session expires.
    The default value is one hour after the `createdTime` value.

## Response 201 fields (application/json):

  - `id` (string)
    ID of the session.
    Example: "jwt_0YV7DEJX80CDRAKVTV478ZNJDR"

  - `type` (string)
    Type of session.
    Enum: "customer"

  - `token` (string)
    Token used for authentication.

  - `customerId` (string)
    ID of the customer resource.
    Example: "cus_0YV7DDSDD1C8DA64KHH2W33CPF"

  - `acl` (array)
    Access Control List (ACL) information.

  - `acl.scope` (object, required)
    Scope of the API key.

  - `acl.scope.organizationId` (array)
    Array of account IDs.
    Example: ["4f6cf35x-2c4y-483z-a0a9-158621f77a21"]

  - `acl.scope.productId` (array)
    Array of product IDs.
    Example: ["prod_0YV7DES3WPC5J8JD8QTVNZBZNZ"]

  - `acl.scope.planId` (array)
    Array of plan IDs.
    Example: ["plan_0YV7DENSVGDBW9S71XZNNYYQ0X"]

  - `acl.scope.customFieldName` (array)
    Array of custom field names.

  - `acl.permissions` (array, required)
    If you are creating a restricted API key, use this field to specify individual permissions.
    Use the wildcard character `*` to provide full access.

  - `customClaims` (object)
    Example: {"documents":["identity-proof","address-proof"],"redirectUrl":"https://mywebsite.com"}

  - `createdTime` (string)
    Date and time when the resource is created.
    This value is set automatically when the resource is created.

  - `updatedTime` (string)
    Date and time when the resource is updated.
    This value is set automatically when the resource is updated.

  - `expiredTime` (string)
    Date and time when the session expires.
    The default value is one hour after the `createdTime` value.

  - `_links` (array)
    Related links.

  - `_links.href` (string)
    Link URL.

  - `_links.rel` (string)
    Type of link.
    Enum: "customer"

## Response 401 fields (application/json):

  - `status` (integer)
    HTTP status code.

  - `type` (string)
    Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference.
    It should provide human-readable documentation for the problem type.
    When this member is not present, its value is assumed to be "about:blank".

  - `title` (string)
    Short, human-readable summary of the problem type.
    Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.

  - `detail` (string)
    Human-readable explanation that is specific to this occurrence of the problem.

  - `instance` (string)
    URI reference that identifies the specific occurrence of the problem.
    It may or may not yield further information if dereferenced.

## Response 403 fields (application/json):

  - `status` (integer)
    HTTP status code.

  - `type` (string)
    Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference.
    It should provide human-readable documentation for the problem type.
    When this member is not present, its value is assumed to be "about:blank".

  - `title` (string)
    Short, human-readable summary of the problem type.
    Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.

  - `detail` (string)
    Human-readable explanation that is specific to this occurrence of the problem.

  - `instance` (string)
    URI reference that identifies the specific occurrence of the problem.
    It may or may not yield further information if dereferenced.

## Response 404 fields (application/json):

  - `status` (integer)
    HTTP status code.

  - `type` (string)
    Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference.
    It should provide human-readable documentation for the problem type.
    When this member is not present, its value is assumed to be "about:blank".

  - `title` (string)
    Short, human-readable summary of the problem type.
    Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.

  - `detail` (string)
    Human-readable explanation that is specific to this occurrence of the problem.

  - `instance` (string)
    URI reference that identifies the specific occurrence of the problem.
    It may or may not yield further information if dereferenced.

## Response 429 fields (application/json):

  - `type` (string)
    Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference.
    It should provide human-readable documentation for the problem type.
    When this member is not present, its value is assumed to be "about:blank".
    Example: "about:blank"

  - `title` (string)
    Short, human-readable summary of the problem type.
    Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.
    Example: "Rate Limit Exceeded"

  - `status` (integer)
    HTTP status code.

  - `detail` (string)
    Human-readable explanation that is specific to this occurrence of the problem.
    Example: "A request cannot be executed because the user has sent too many requests within a certain period of time"

  - `instance` (string)
    URI reference that identifies the specific occurrence of the problem.
    It may or may not yield further information if dereferenced.
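The client-side half of this operation, as an added example that is not part of the page or of the API vendor's SDK: it builds the request body described under "Request fields" (enforcing the digits-only rule for `oneTimePassword`), then parses either the 201 session body or one of the 401/403/404/429 problem bodies listed above. The `max_lifetime` policy, the `SAMPLE_SESSION` values and the ISO 8601 timestamp format are assumptions of the example; the page only says the default `expiredTime` is one hour after `createdTime`.

```python
import json
import re
from datetime import datetime, timedelta
from urllib.parse import quote

# Constructed sample 201 body (not from the page): field names follow the page, values are made up.
SAMPLE_SESSION = json.dumps({
    "id": "jwt_0YV7DEJX80CDRAKVTV478ZNJDR", "type": "customer", "token": "eyJ.constructed.jwt",
    "customerId": "cus_0YV7DDSDD1C8DA64KHH2W33CPF", "acl": [{"scope": {}, "permissions": ["*"]}],
    "createdTime": "2024-01-01T10:00:00Z", "expiredTime": "2024-01-01T11:00:00Z",
})

def build_exchange_request(token, *, invalidate=True, one_time_password=None,
                           permissions=None, scope=None, custom_claims=None):
    """Return (path, body) for POST /authentication-tokens/{token}/exchange."""
    if not token:
        raise ValueError("token is required")
    # The page requires oneTimePassword to contain digits only; reject anything else before sending.
    if one_time_password is not None and not re.fullmatch(r"[0-9]+", one_time_password):
        raise ValueError("oneTimePassword must contain digits only")
    body = {"invalidate": invalidate}
    if one_time_password is not None:
        body["oneTimePassword"] = one_time_password
    if permissions is not None:
        # Each acl item needs scope (object) and permissions (array); "*" grants full access.
        body["acl"] = [{"scope": scope or {}, "permissions": list(permissions)}]
    if custom_claims is not None:
        body["customClaims"] = custom_claims
    return "/authentication-tokens/%s/exchange" % quote(token, safe=""), body

def _parse_time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_exchange_response(status, raw_body, max_lifetime=timedelta(hours=1)):
    """Return ("session", dict) for a 201 reply or ("problem", dict) for a 401/403/404/429 body."""
    data = json.loads(raw_body)
    if status == 201:
        missing = [k for k in ("id", "token", "customerId", "createdTime", "expiredTime") if k not in data]
        if missing:
            raise ValueError("session reply is missing: " + ", ".join(missing))
        # Default lifetime is one hour after createdTime; max_lifetime is an assumed client-side policy.
        if _parse_time(data["expiredTime"]) - _parse_time(data["createdTime"]) > max_lifetime:
            raise ValueError("session lifetime exceeds " + str(max_lifetime))
        return "session", data
    if status in (401, 403, 404, 429):
        data.setdefault("type", "about:blank")  # an absent type means about:blank (RFC 7807)
        return "problem", data
    raise ValueError("unexpected status %d" % status)
```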