Skip to main content
POST
/
scoped-tokens
cURL
curl --request POST \
  --url https://api.useanima.sh/v1/scoped-tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "audience": "<string>",
  "scopes": [
    "<string>"
  ],
  "ttlSeconds": 300,
  "parentJti": "<string>",
  "metadata": {}
}
'
{
  "token": "<string>",
  "record": {
    "id": "<string>",
    "jti": "<string>",
    "agentId": "<string>",
    "orgId": "<string>",
    "scopes": [
      "<string>"
    ],
    "audience": "<string>",
    "parentJti": "<string>",
    "expiresAt": "2023-11-07T05:31:56Z",
    "revokedAt": "2023-11-07T05:31:56Z",
    "createdAt": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

JWT Bearer token obtained from authentication. Pass as: Authorization: Bearer

Body

application/json

Issue a new scoped token

audience
string
required

Token audience (typically the service identifier, e.g. 'api.useanima.sh')

Minimum string length: 1
scopes
string[]
required

Scope strings the token grants, e.g. ['email:send']

Minimum array length: 1
Minimum string length: 3
ttlSeconds
integer
default:300

Token TTL in seconds (max 1h)

Required range: 0 <= x <= 3600
parentJti
string

Parent token jti for delegation chains

Required string length: 32
metadata
object

Free-form metadata (task id, conversation id, etc.)

Response

200 - application/json

OK

Result of issuing a scoped token

token
string
required

Raw JWT — only returned at issuance time

Pattern: ^stk_
record
object
required

Persisted record (no raw JWT)