mod-authtoken API (v1)

token-legacy

Deprecated. Will be removed in a future release. Please use /token/sign instead. Returns a signed, non-expiring legacy access token.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
payload
required
object

The payload of the token signing request

sub
required
string

The subject (the username) for the user

property name*
additional property
any

Responses

Request samples

Content type
application/json
{
  "payload": { }
}

Response samples

Content type
application/json
{
  "token": "string"
}

token-sign-legacy

Returns a signed, expiring refresh token. This is a legacy endpoint that should not be called by new code and will soon be fully deprecated.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
userId
required
string <uuid>

The user id of the request

sub
required
string

The subject (user id) of the request

Responses

Request samples

Content type
application/json
{
  "userId": "2c4a230c-5085-4924-a3e1-25fb4fc5965b",
  "sub": "string"
}

Response samples

Content type
application/json
{
  "token": "string"
}

token-sign

Returns a signed, expiring access token and refresh token. Also returns the expiration of each token in the body of the response. The time to live is 10 minutes for the access token and one week for the refresh token.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
payload
required
object

The payload of the token signing request

sub
required
string

The subject (the username) for the user

property name*
additional property
any

Responses

Request samples

Content type
application/json
{
  "payload": { }
}

Response samples

Content type
application/json
{
  "token": "string",
  "refreshToken": "string",
  "accessToken": "string"
}

token-refresh

Returns a new refresh token and a new access token. Also returns the expiration of each token in the body of the response. Time to live is 10 minutes for the access token and one week for the refresh token.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
refreshToken
required
string

The JWE refresh token

Responses

Request samples

Content type
application/json
{
  "refreshToken": "string"
}

Response samples

Content type
application/json
{
  "token": "string",
  "refreshToken": "string",
  "accessToken": "string"
}

token-invalidate

Invalidate a single refresh token. An access token cannot be invalidated and remains valid until its expiration time; this is by design because the access token is stateless.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Request Body schema: application/json
required
refreshToken
required
string

The JWE refresh token

Responses

Request samples

Content type
application/json
{
  "refreshToken": "string"
}

Response samples

Content type
No sample

token-invalidate-all

Invalidate all refresh tokens for a user. An access token cannot be invalidated and remains valid until its expiration time; this is by design because the access token is stateless.

header Parameters
X-Okapi-Tenant
required
string

Okapi Tenant

X-Okapi-Url
required
string

Okapi URL

Responses

Response samples

Content type
No sample
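
The invalidation semantics described for token-invalidate and token-invalidate-all, as an added toy model (not mod-authtoken's code): a stateless access token is checked only by signature and expiry, so revoking refresh tokens stops renewal but leaves an already-issued access token usable for up to 10 minutes. Assumptions: the class and function names, the HMAC signing and the opaque refresh-token ids are hypothetical (the real refresh token is a JWE), and the model leaves the old refresh token live on refresh because the page does not say whether it is consumed.

```python
import base64, hashlib, hmac, json, secrets

ACCESS_TTL = 10 * 60           # access token TTL from the page: 10 minutes
REFRESH_TTL = 7 * 24 * 3600    # refresh token TTL from the page: one week
KEY = secrets.token_bytes(32)  # constructed signing key for this model only

class ToyTokenService:
    """Hypothetical model: stateless access tokens, server-tracked refresh tokens."""
    def __init__(self):
        self.live_refresh = {}  # refresh token id -> (sub, expiry)

    def _signed(self, claims):
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        mac = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        return (body + b"." + mac).decode()

    def sign(self, sub, now):
        rid = secrets.token_hex(16)  # opaque id standing in for the JWE
        self.live_refresh[rid] = (sub, now + REFRESH_TTL)
        access = self._signed({"sub": sub, "exp": now + ACCESS_TTL})
        return {"accessToken": access, "refreshToken": rid}

    def access_valid(self, token, now):
        # Stateless check: signature and expiry only, no server-side lookup.
        body, _, mac = token.encode().rpartition(b".")
        good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(mac, good):
            return False
        return now < json.loads(base64.urlsafe_b64decode(body))["exp"]

    def refresh(self, rid, now):
        sub, exp = self.live_refresh.get(rid, (None, 0))
        if sub is None or now >= exp:
            raise PermissionError("refresh token invalid or expired")
        return self.sign(sub, now)

    def invalidate(self, rid):
        self.live_refresh.pop(rid, None)

    def invalidate_all(self, sub):
        self.live_refresh = {r: v for r, v in self.live_refresh.items()
                             if v[0] != sub}

def exposure_after_invalidate(issued_at, invalidated_at):
    """Seconds an already-issued access token stays usable after invalidation."""
    return max(0, issued_at + ACCESS_TTL - invalidated_at)
```

For incident response this means invalidation bounds the session at the access token's remaining lifetime rather than ending it immediately.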