Authentication API

JWT token management for agent authentication.

Get Token

Exchange agent credentials for JWT tokens.

POST /v1/auth/token

Request

{
  "agent_id": "2ffacd56-86ff-483c-8c59-5686df52aff8",
  "secret": "sk_live_abc123..."
}

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "rt_abc123...",
  "token_type": "bearer",
  "expires_in": 3600
}

Token Contents

The access token JWT contains:

{
  "agent_id": "2ffacd56-86ff-483c-8c59-5686df52aff8",
  "org_id": "f9cc87c8-ed04-4fdb-bb2b-ed82702a55b8",
  "scopes": ["payments:read", "payments:write"],
  "iat": 1705420800,
  "exp": 1705424400
}
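
Added example, not part of the original documentation or the service's own code: how a service that holds the signing key could validate an access token carrying the claims above. The sample token header on this page decodes to {"alg":"HS256","typ":"JWT"}; the key, the 30-second leeway and all function names here are assumptions.

```python
import base64, hashlib, hmac, json, time

SAMPLE_KEY = b"constructed-demo-key"  # constructed; a real key comes from the issuer
SAMPLE_CLAIMS = {  # claim set copied from the page's Token Contents sample
    "agent_id": "2ffacd56-86ff-483c-8c59-5686df52aff8",
    "org_id": "f9cc87c8-ed04-4fdb-bb2b-ed82702a55b8",
    "scopes": ["payments:read", "payments:write"],
    "iat": 1705420800, "exp": 1705424400}

def b64url_decode(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key, header=None):
    # Hypothetical helper, used only to build constructed sample tokens.
    header = header or {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify_access_token(token, key, required_scope, now=None, leeway=30):
    """Return the claims of a valid token; raise ValueError otherwise."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; the token's own header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # parsed only after the MAC checks out
    now = time.time() if now is None else now
    exp, scopes = claims.get("exp"), claims.get("scopes")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ValueError("expired")
    if not isinstance(scopes, list) or required_scope not in scopes:
        raise ValueError("missing scope")
    return claims
```

The claims are trusted only after the signature matches, and a token whose header names any algorithm other than HS256 is rejected before the MAC is computed.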

Example

Python

tokens = client.auth.get_token(
    agent_id=agent.id,
    secret=agent.secret
)

cURL

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "uuid", "secret": "sk_..."}' \
  https://web-production-b910f.up.railway.app/v1/auth/token

Refresh Token

Get a new access token using a refresh token.

POST /v1/auth/refresh

Request

{
  "refresh_token": "rt_abc123..."
}

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "rt_new123...",
  "token_type": "bearer",
  "expires_in": 3600
}

Revoke Token

Invalidate a refresh token.

POST /v1/auth/revoke

Headers

Header         Required  Description
Authorization  Yes       Bearer token

Request

{
  "refresh_token": "rt_abc123..."
}

Response

{
  "revoked": true
}