> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useanima.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Post scoped tokens



## OpenAPI

````yaml /openapi.json post /scoped-tokens
openapi: 3.1.1
info:
  title: Anima API
  version: 0.1.0
  description: >-
    The Anima API provides programmatic access to unified infrastructure for AI
    agents: create and manage agents; send and receive email; place phone calls
    and send/receive SMS and voice; store and retrieve vault credentials; manage
    agent identity; and configure webhooks for real-time events. Authenticate
    using a Bearer token or an API key passed via the X-API-Key header.
  contact:
    name: Anima Labs
    url: https://useanima.sh
    email: support@useanima.sh
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
servers:
  - url: https://api.useanima.sh/v1
    description: Production
security:
  - BearerAuth: []
  - ApiKeyAuth: []
tags:
  - name: Agents
    description: Create and manage AI agents with email and phone capabilities
  - name: Inboxes
    description: Manage email inboxes and their configurations
  - name: Messages
    description: Send, receive, and search email messages
  - name: Webhooks
    description: Register and manage webhook subscriptions for real-time events
  - name: Organizations
    description: Manage organizations and team settings
  - name: Domains
    description: Configure and verify custom email domains
  - name: Phone
    description: Manage phone numbers and SMS/voice capabilities
  - name: Invoices
    description: Track invoices, match receipts, and reconcile payments
  - name: Billing
    description: View usage, tiers, and billing information
  - name: Security
    description: Configure security policies and access controls
  - name: Vault
    description: Store and retrieve encrypted secrets
  - name: API Keys
    description: Create and manage API keys for programmatic access
paths:
  /scoped-tokens:
    post:
      operationId: scopedTokens.issue
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                audience:
                  type: string
                  minLength: 1
                  description: >-
                    Token audience (typically the service identifier, e.g.
                    'api.useanima.sh')
                scopes:
                  type: array
                  items:
                    type: string
                    minLength: 3
                  minItems: 1
                  description: Scope strings the token grants, e.g. ['email:send']
                ttlSeconds:
                  default: 300
                  type: integer
                  minimum: 0
                  maximum: 3600
                  description: Token TTL in seconds (max 1h)
                parentJti:
                  type: string
                  minLength: 32
                  maxLength: 32
                  description: Parent token jti for delegation chains
                metadata:
                  type: object
                  additionalProperties: {}
                  description: Free-form metadata (task id, conversation id, etc.)
              required:
                - audience
                - scopes
              description: Issue a new scoped token
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  token:
                    type: string
                    pattern: ^stk_
                    description: Raw JWT — only returned at issuance time
                  record:
                    type: object
                    properties:
                      id:
                        type: string
                        description: Database id (cuid)
                      jti:
                        type: string
                        minLength: 32
                        maxLength: 32
                        description: JWT id (matches the token's jti claim)
                      agentId:
                        type: string
                        description: Issuing agent id
                      orgId:
                        type: string
                        description: Organization id
                      scopes:
                        type: array
                        items:
                          type: string
                        description: Granted scopes
                      audience:
                        type: string
                        description: Audience (aud claim)
                      parentJti:
                        anyOf:
                          - type: string
                          - type: 'null'
                        description: Parent token jti, null for root
                      expiresAt:
                        type: string
                        format: date-time
                        description: Token expiry (ISO 8601)
                      revokedAt:
                        anyOf:
                          - type: string
                            format: date-time
                          - type: 'null'
                        description: Revocation timestamp, null if active
                      createdAt:
                        type: string
                        format: date-time
                        description: Creation timestamp
                    required:
                      - id
                      - jti
                      - agentId
                      - orgId
                      - scopes
                      - audience
                      - parentJti
                      - expiresAt
                      - revokedAt
                      - createdAt
                    description: Persisted record (no raw JWT)
                required:
                  - token
                  - record
                description: Result of issuing a scoped token
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from authentication. Pass as: Authorization:
        Bearer <token>
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: 'API key for programmatic access. Pass as: X-API-Key: <your-key>'

````