Exchange an authentication token

Exchanges an authentication token for a JWT.

By default, this operation invalidates the exchanged authentication token.

Security: SecretApiKey or JWT or PublishableApiKey
Request
path Parameters
token
required
string

Authentication token identifier string.

Request Body schema: application/json
invalidate
boolean
Default: true

Specifies whether to invalidate a token after an exchange is performed.

oneTimePassword
string ^[0-9]{6}$

One-time password that is sent by email. This value must contain digits only.

Array of objects (Acl)
Array
required
object

Scope of the API key.

permissions
required
Array of strings <operationId>

If you are creating a restricted API key, use this field to specify individual permissions. Use the wildcard character * to provide full access.

object
property name*
additional property
any
expiredTime
string <date-time>

Date and time at which the session expires. The default value is one hour after the createdTime value.

Responses
201

Authentication token exchanged for a JWT.

Response Headers
Location
string <uri>

Location of the related resource.

Example: "https://api.rebilly.com/example"
Response Schema: application/json
id
string <= 50 characters

The session identifier string.

type
string

Session type.

Value: "customer"
token
string

The session's token used for authentication.

customerId
string <= 50 characters

Customer resource ID. Defaults to UUID v4.

Array of objects (Acl)
Array
required
object

Scope of the API key.

permissions
required
Array of strings <operationId>

If you are creating a restricted API key, use this field to specify individual permissions. Use the wildcard character * to provide full access.

object
property name*
additional property
any
createdTime
string <date-time>

Date and time at which the session was created.

updatedTime
string <date-time> (UpdatedTime)

Read-only timestamp. This value updates when the resource is updated.

expiredTime
string <date-time>

Date and time at which the session expires. The default value is one hour after the createdTime value.

Array of objects (CustomerLink) non-empty

Related resource links.

Array (non-empty)
rel
required
string

Type of link.

Enum: "customer" "targetCustomer"
href
required
string

Link URL.

401

Unauthorized access. Invalid credentials used.

403

Access forbidden.

404

Resource not found.

POST /authentication-tokens/{token}/exchange
Request samples
application/json
{
  "invalidate": true,
  "oneTimePassword": "123456",
  "acl": [ ],
  "customClaims": {},
  "expiredTime": "2019-08-24T14:15:22Z"
}
Response samples
application/json
{
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "type": "customer",
  "token": "string",
  "customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "acl": [ ],
  "customClaims": {},
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "expiredTime": "2019-08-24T14:15:22Z",
  "_links": [ ]
}
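An added example, not part of the original reference or Rebilly's own code: a Python helper that builds the request for this operation with least-privilege settings (single-use token, explicit permissions instead of the `*` wildcard, expiry capped at the documented one-hour default). The `scope` key name and its contents, the operationId values, and the 15-minute default lifetime are assumptions; no request is sent.

```python
import json
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

OTP_PATTERN = re.compile(r"^[0-9]{6}$")  # pattern documented for oneTimePassword
MAX_TTL = timedelta(hours=1)             # documented default lifetime, used here as a cap


def build_exchange_request(token, one_time_password, permissions, scope,
                           ttl=timedelta(minutes=15), now=None, allow_wildcard=False):
    """Return (method, path, json_body) for the token exchange operation."""
    if not token:
        raise ValueError("token path parameter is required")
    # fullmatch is used because "$" alone would accept a trailing newline
    if not OTP_PATTERN.fullmatch(one_time_password):
        raise ValueError("oneTimePassword must be exactly six ASCII digits")
    if not permissions:
        raise ValueError("at least one permission (operationId) is required")
    if "*" in permissions and not allow_wildcard:
        raise ValueError("wildcard grants full access; list operationIds instead")
    if not timedelta(0) < ttl <= MAX_TTL:
        raise ValueError("ttl must be positive and at most one hour")
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    body = {
        "invalidate": True,  # keep the default so the authentication token is single use
        "oneTimePassword": one_time_password,
        # "scope" as the key name is an assumption; the page only names "permissions"
        "acl": [{"scope": scope, "permissions": sorted(set(permissions))}],
        "expiredTime": (now + ttl).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    path = "/authentication-tokens/{}/exchange".format(quote(token, safe=""))
    return "POST", path, json.dumps(body)


if __name__ == "__main__":
    # Constructed sample values; operationIds and scope contents are hypothetical.
    print(build_exchange_request(
        token="example-authentication-token",
        one_time_password="123456",
        permissions=["ExampleReadOperation"],
        scope={"organizationId": ["example-organization"]},
    ))
```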