Exchange an authentication token

Exchange Authentication Token for JWT.

By default, the exchange also invalidates the Authentication Token, so it can only be exchanged once.

Security: SecretApiKey or JWT or PublishableApiKey

Request
Path parameters
token
required
string

The token identifier string.

Request Body schema: application/json
invalidate
boolean
Default: true

Whether to invalidate the token after the exchange.

oneTimePassword
string ^[0-9]{6}$

The one-time password sent via email. Should contain digits only.

acl
Array of objects (Acl)
Array
required
object

Api Key scope.

permissions
required
Array of strings <operationId>

Specify individual permissions here when creating a restricted API key. Use the wildcard * for full access.


customClaims
object
property name*: any (additional property)

expiredTime
string <date-time>

Session expiration time. Defaults to one hour.

Responses
201

Authentication Token exchanged for JWT.

Response Headers
Location
string <uri>

The location of the related resource.

Example: "https://api.rebilly.com/example"
Response Schema: application/json
id
string <= 50 characters

The session identifier string.

type
string

Session type.

Value: "customer"
token
string

The session's token used for authentication.

customerId
string <= 50 characters

The customer resource ID. Defaults to UUID v4.

acl
Array of objects (Acl)
Array
required
object

Api Key scope.

permissions
required
Array of strings <operationId>

Specify individual permissions here when creating a restricted API key. Use the wildcard * for full access.


customClaims
object
property name*: any (additional property)

createdTime
string <date-time>

Session created time.

updatedTime
string <date-time> (UpdatedTime)

Read-only timestamp, updated whenever the resource is updated.

expiredTime
string <date-time>

Session expiration time. Defaults to one hour.

_links
Array of objects (CustomerLink) non-empty

The links related to the resource.

Array (non-empty)
rel
required
string

The link type.

Enum: "customer" "targetCustomer"
href
required
string

The link URL.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

POST /authentication-tokens/{token}/exchange

Request samples
application/json
{
  "invalidate": true,
  "oneTimePassword": "123456",
  "acl": [ ],
  "customClaims": {},
  "expiredTime": "2019-08-24T14:15:22Z"
}
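
A pre-flight check for the request body described above, as an added example that is not part of the original page or the API provider's own code. It flags the settings that widen the resulting session: invalidate switched off, a malformed oneTimePassword, a wildcard permission, and a long expiredTime. The one-hour cap is an assumed local policy, and audit_exchange_body, PAGE_SAMPLE and RISKY are hypothetical names.

```python
import re
from datetime import datetime, timedelta, timezone

OTP_RE = re.compile(r"[0-9]{6}")    # the page's ^[0-9]{6}$, enforced with fullmatch
MAX_LIFETIME = timedelta(hours=1)   # assumed policy: cap at the documented default


def audit_exchange_body(body, now=None):
    """Return findings for an exchange request body; an empty list means clean."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # invalidate defaults to true, so only an explicit other value is a problem.
    if body.get("invalidate", True) is not True:
        findings.append("invalidate: token remains exchangeable after use")
    otp = body.get("oneTimePassword")
    # fullmatch rejects "123456\n", which '$' with re.match would accept.
    if otp is not None and not (isinstance(otp, str) and OTP_RE.fullmatch(otp)):
        findings.append("oneTimePassword: not exactly six digits 0-9")
    for i, entry in enumerate(body.get("acl") or []):
        perms = entry.get("permissions")
        if perms is None:
            findings.append(f"acl[{i}].permissions: required field is missing")
        elif "*" in perms:
            findings.append(f"acl[{i}].permissions: wildcard * grants full access")
    exp = body.get("expiredTime")
    if exp is not None:
        try:
            when = datetime.fromisoformat(exp.replace("Z", "+00:00"))
            if when - now > MAX_LIFETIME:
                findings.append("expiredTime: session outlives the one-hour default")
        except (AttributeError, TypeError, ValueError):
            findings.append("expiredTime: not a date-time with a UTC offset")
    return findings


# Constructed inputs: the page's request sample and a deliberately loose body.
NOW = datetime(2019, 8, 24, 14, 0, tzinfo=timezone.utc)  # constructed clock
PAGE_SAMPLE = {"invalidate": True, "oneTimePassword": "123456", "acl": [],
               "customClaims": {}, "expiredTime": "2019-08-24T14:15:22Z"}
RISKY = {"invalidate": False, "oneTimePassword": "123456\n",
         "acl": [{"permissions": ["*"]}], "expiredTime": "2019-08-25T14:15:22Z"}

if __name__ == "__main__":
    for name, body in (("page sample", PAGE_SAMPLE), ("risky", RISKY)):
        print(name, audit_exchange_body(body, NOW))
```
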
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "type": "customer",
  "token": "string",
  "customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "acl": [ ],
  "customClaims": {},
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "expiredTime": "2019-08-24T14:15:22Z",
  "_links": [ ]
}