TokenExchangeResponse

Successful response from POST /v1/auth/token. For the api_key grant, subject.type is always service_account.

  • accessToken
    Type: string
    required

    Short-lived JWT (1 hour) for use in the Authorization header.

  • expiresAt
    Type: stringFormat: date-time
    required

    ISO-8601 timestamp at which the token expires.

  • expiresIn
    Type: integer
    required

    Token lifetime in seconds.

  • scopes
    Type: array string[]
    required

    Permission scopes carried by this token; mirrors the API key's scopes.

  • subject
    Type: object
    required

    Identifies the entity (service account, user, or embed session) the token represents.

    • id
      Type: string
      required

      Stable ID for the subject (UUID).

    • type
      Type: stringenum
      required
      values
      • user
      • service_account
      • embed
    • mode
      Type: stringenum

      Mode of the namespace this token operates in.

      values
      • live
      • test
    • namespaceKey
      Type: string

      Namespace this token is scoped to.

    • orgId
      Type: string Pattern: ^org_[0-9a-z]{26}$

      Organization ID this token can act on. Prefixed lowercase ULID, e.g. org_01jv8m7qfj6xj9gkz7a4s2h8e.

  • tokenType
    enum
    const:  
    Bearer
    required
    values
    • Bearer