Exchange an authentication token

Exchanges an authentication token for a JWT.

By default, this operation invalidates the exchanged authentication token.

SecurityAPI Key: SecretApiKey or HTTP: JWT or API Key: PublishableApiKey
Request
path Parameters
token
required
string

ID of the authentication token.

Request Body schema: application/json
invalidate
boolean
Default: true

Specifies whether to invalidate a token after an exchange is performed.

oneTimePassword
string^[0-9]{6}$

One time password that sent by email. This value must contain digits only.

Array of objects (Acl)

Access Control List (ACL) information.

object
expiredTime
string <date-time>

Date and time when the session expires. The default value is one hour after the createdTime value.

post
/authentication-tokens/{token}/exchange
Request samples
application/json
{ "invalidate": true, "oneTimePassword": "123456", "acl": [ ], "customClaims": { "redirectUrl": "https://mywebsite.com" }, "expiredTime": "2019-08-24T14:15:22Z" }
Responses

201

Authentication token exchanged for a JWT.

401

Unauthorized access. Invalid credentials used.

403

Access forbidden.

404

Resource not found.

Response samples
application/json
{ "id": "jwt_0YV7DEJX80CDRAKVTV478ZNJDR", "type": "customer", "token": "string", "customerId": "cus_0YV7DDSDD1C8DA64KHH2W33CPF", "acl": [ ], "customClaims": { "redirectUrl": "https://mywebsite.com" }, "createdTime": "2019-08-24T14:15:22Z", "updatedTime": "2019-08-24T14:15:22Z", "expiredTime": "2019-08-24T14:15:22Z", "_links": [ ] }