Exchange an authentication token

Exchanges an authentication token for a JWT.

By default, this operation invalidates the exchanged authentication token.

Security: SecretApiKey or JWT or PublishableApiKey
Request
path Parameters
token
required
string

ID of the authentication token.

Request Body schema: application/json
invalidate
boolean
Default: true

Specifies whether to invalidate a token after an exchange is performed.

oneTimePassword
string ^[0-9]{6}$

One-time password that is sent by email. This value must contain digits only.

acl
Array of objects (Acl)

Access Control List (ACL) information.

Array
required
object

Scope of the API key.

permissions
required
Array of strings <operationId>

If you are creating a restricted API key, use this field to specify individual permissions. Use the wildcard character * to provide full access.

customClaims
object
property name*
additional property
any
expiredTime
string <date-time>

Date and time when the session expires. The default value is one hour after the createdTime value.

Responses
201

Authentication token exchanged for a JWT.

Response Headers
Location
string <uri>

Location of the related resource.

Example: "https://api.rebilly.com/example"
Response Schema: application/json
id
string <= 50 characters

ID of the session.

type
string

Type of session.

Value: "customer"
token
string

Token used for authentication.

customerId
string <= 50 characters

Customer resource ID.

acl
Array of objects (Acl)

Access Control List (ACL) information.

Array
required
object

Scope of the API key.

permissions
required
Array of strings <operationId>

If you are creating a restricted API key, use this field to specify individual permissions. Use the wildcard character * to provide full access.

customClaims
object
property name*
additional property
any
createdTime
string <date-time> (CreatedTime)

Date and time which is set automatically when the resource is created.

updatedTime
string <date-time> (UpdatedTime)

Date and time which updates automatically when the resource is updated.

expiredTime
string <date-time>

Date and time when the session expires. The default value is one hour after the createdTime value.

_links
Array of objects

Related links.

Array
href
string

Link URL.

rel
string

Type of link.

Value: "customer"
401

Unauthorized access. Invalid credentials used.

403

Access forbidden.

404

Resource not found.

POST /authentication-tokens/{token}/exchange
Request samples
application/json
{
  "invalidate": true,
  "oneTimePassword": "123456",
  "acl": [],
  "customClaims": {},
  "expiredTime": "2019-08-24T14:15:22Z"
}
Response samples
application/json
{
  "id": "jwt_0YV7DEJX80CDRAKVTV478ZNJDR",
  "type": "customer",
  "token": "string",
  "customerId": "cus_0YV7DDSDD1C8DA64KHH2W33CPF",
  "acl": [],
  "customClaims": {},
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "expiredTime": "2019-08-24T14:15:22Z",
  "_links": []
}
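
Added example (not part of the Rebilly documentation): a client-side helper that builds the exchange request with a least-privilege ACL, the default single-use behavior, and a short session lifetime. The helper name, the 15-minute default, the one-hour cap, and the `scope` key inside each ACL entry (inferred from the "Scope of the API key" description) are assumptions; the scope object itself is passed through untouched because its fields are not shown on this page.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

# Schema pattern ^[0-9]{6}$. fullmatch() is used because "$" in Python's re
# also matches before a trailing newline, and [0-9] (unlike \d) is ASCII-only.
OTP_RE = re.compile(r"[0-9]{6}")
# Assumed policy: never ask for more than the documented one-hour default.
MAX_TTL = timedelta(hours=1)


def build_exchange_request(token, permissions, scope, otp=None,
                           ttl=timedelta(minutes=15), now=None):
    """Return (method, path, body) for POST /authentication-tokens/{token}/exchange.

    `now` must be a UTC datetime; it defaults to the current UTC time.
    """
    if not token:
        raise ValueError("token is required")
    if otp is not None and not OTP_RE.fullmatch(otp):
        raise ValueError("oneTimePassword must be exactly six digits")
    if not permissions or "*" in permissions:
        raise ValueError("list individual operationIds; '*' grants full access")
    if not timedelta(0) < ttl <= MAX_TTL:
        raise ValueError("ttl must be positive and at most one hour")

    now = now or datetime.now(timezone.utc)
    body = {
        "invalidate": True,  # keep the default so the token is single-use
        "acl": [{"scope": scope, "permissions": sorted(set(permissions))}],
        "expiredTime": (now + ttl).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    if otp is not None:
        body["oneTimePassword"] = otp

    # Percent-encode the path parameter so it cannot change the request path.
    path = "/authentication-tokens/{}/exchange".format(quote(token, safe=""))
    return "POST", path, body
```

Send the returned body as application/json with one of the security schemes listed above, and store the `token` from the 201 response as a credential.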