# Access Token API - **Base URL:** `https://access-token.sls.epilot.io` - **Full API Docs:** [https://docs.epilot.io/api/access-token](https://docs.epilot.io/api/access-token) ## Usage ```ts import { epilot } from '@epilot/sdk' epilot.authorize(() => '') const { data } = await epilot.accessToken.createAccessToken(...) ``` ### Tree-shakeable import ```ts import { getClient, authorize } from '@epilot/sdk/access-token' const accessTokenClient = getClient() authorize(accessTokenClient, () => '') const { data } = await accessTokenClient.createAccessToken(...) ``` ## Operations **Access Tokens** - [`createAccessToken`](#createaccesstoken) - [`listAccessTokens`](#listaccesstokens) - [`revokeAccessToken`](#revokeaccesstoken) **Public** - [`getAccessTokenJwks`](#getaccesstokenjwks) - [`getAccessTokenOIDC`](#getaccesstokenoidc) - [`getPublicTokenJwks`](#getpublictokenjwks) - [`getPortalPreviewTokenJwks`](#getportalpreviewtokenjwks) - [`getPublicTokenOIDC`](#getpublictokenoidc) - [`getPortalPreviewTokenOIDC`](#getportalpreviewtokenoidc) **Schemas** - [`AccessToken`](#accesstoken) - [`AccessTokenId`](#accesstokenid) - [`AccessTokenName`](#accesstokenname) - [`AccessTokenType`](#accesstokentype) - [`AccessTokenJourneyId`](#accesstokenjourneyid) - [`PortalId`](#portalid) - [`PortalUserId`](#portaluserid) - [`TokenParameters`](#tokenparameters) - [`ExpiresIn`](#expiresin) - [`ReadOnly`](#readonly) - [`AccessTokenParameters`](#accesstokenparameters) - [`JourneyTokenParameters`](#journeytokenparameters) - [`PortalTokenParameters`](#portaltokenparameters) - [`AssumeTokenParameters`](#assumetokenparameters) - [`AppTokenParameters`](#apptokenparameters) - [`PortalPreviewTokenParameters`](#portalpreviewtokenparameters) - [`AccessTokenItem`](#accesstokenitem) - [`RoleId`](#roleid) - [`Assignments`](#assignments) ### `createAccessToken` **Access Token type: `API`** (default if not specified): `POST /v1/access-tokens` ```ts const { data } = await client.createAccessToken( null, { name: 'Postman Access Token', token_type: 'api', assignments: ['123:owner'], expires_in: 3600, read_only: true }, ) ```
Response ```json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...", "id": "api_5ZugdRXasLfWBypHi93Fk", "created_at": "1970-01-01T00:00:00.000Z", "name": "Postman Access Token", "token_type": "api", "journey_id": "string", "portal_id": "string", "portal_user_id": "string", "assignments": ["123:owner"], "read_only": true, "last_used": "2026-02-24" } ```
--- ### `listAccessTokens` Lists all Access Tokens for current user (by default excludes system generated tokens) `GET /v1/access-tokens` ```ts const { data } = await client.listAccessTokens({ token_type: ['...'], }) ```
Response ```json [ { "id": "api_5ZugdRXasLfWBypHi93Fk", "created_at": "1970-01-01T00:00:00.000Z", "name": "Postman Access Token", "token_type": "api", "journey_id": "string", "portal_id": "string", "portal_user_id": "string", "assignments": ["123:owner"], "read_only": true, "last_used": "2026-02-24" } ] ```
--- ### `revokeAccessToken` Revokes an Access Token so it can't be used anymore. `DELETE /v1/access-tokens/{id}` ```ts const { data } = await client.revokeAccessToken({ id: '123e4567-e89b-12d3-a456-426614174000', }) ```
Response ```json { "id": "api_5ZugdRXasLfWBypHi93Fk", "created_at": "1970-01-01T00:00:00.000Z", "name": "Postman Access Token", "token_type": "api", "journey_id": "string", "portal_id": "string", "portal_user_id": "string", "assignments": ["123:owner"], "read_only": true, "last_used": "2026-02-24" } ```
--- ### `getAccessTokenJwks` Get jwks public key set to verify access tokens generated by this API `GET /v1/access-tokens/.well-known/jwks.json` ```ts const { data } = await client.getAccessTokenJwks() ```
Response ```json { "keys": [ { "alg": "RS256", "e": "AQAB", "kid": "tXWU5mPMbRPczpbQwi6vbhLF4GgF3wlMDSyqo7pfeiw=", "kty": "RSA", "n": "h_QDoCjZ8W_trtYXaP7_S22wf5r5Wd9XBLED78oT44bJjQXn8ddcFV8Hik65_4IYXVX_hTTU4zpxe3H8vx2j7-Zz3O59mYMp5S0MzODNEdf5Y_2o19eis0brmAJniixsNlQ9LlYkdrVamrgaxHu3ZpP_99zkfFybYeuYoQNzb3PyrT8xVnz_USs_nlFMHpGUxvvz7gfKPqxcLvgLJr4cwI9yzaSY9CD4qW181QVcnL_WzpQ8xx6AuhhHZQ1l_3GG4InTk8ahE7U2ZHVu8RrX6d01pMgc3piEcet9RgFLnhbTg3YIiKGoAbN42wJn_x3lgIAC42T9mbmTsHyUdS6nUQ", "use": "sig" } ] } ```
--- ### `getAccessTokenOIDC` OpenID Connect configuration for Access Token API as identity provider `GET /v1/access-tokens/.well-known/openid-configuration` ```ts const { data } = await client.getAccessTokenOIDC() ```
Response ```json { "issuer": "https://access-token.sls.epilot.io/v1/access-tokens", "jwks_uri": "https://access-token.sls.epilot.io/v1/access-tokens/.well-known/jwks.json" } ```
--- ### `getPublicTokenJwks` Get jwks public key set to verify public tokens generated by this API `GET /v1/access-tokens/public/.well-known/jwks.json` ```ts const { data } = await client.getPublicTokenJwks() ```
Response ```json { "keys": [ { "alg": "RS256", "e": "AQAB", "kid": "tXWU5mPMbRPczpbQwi6vbhLF4GgF3wlMDSyqo7pfeiw=", "kty": "RSA", "n": "h_QDoCjZ8W_trtYXaP7_S22wf5r5Wd9XBLED78oT44bJjQXn8ddcFV8Hik65_4IYXVX_hTTU4zpxe3H8vx2j7-Zz3O59mYMp5S0MzODNEdf5Y_2o19eis0brmAJniixsNlQ9LlYkdrVamrgaxHu3ZpP_99zkfFybYeuYoQNzb3PyrT8xVnz_USs_nlFMHpGUxvvz7gfKPqxcLvgLJr4cwI9yzaSY9CD4qW181QVcnL_WzpQ8xx6AuhhHZQ1l_3GG4InTk8ahE7U2ZHVu8RrX6d01pMgc3piEcet9RgFLnhbTg3YIiKGoAbN42wJn_x3lgIAC42T9mbmTsHyUdS6nUQ", "use": "sig" } ] } ```
--- ### `getPortalPreviewTokenJwks` Get jwks public key set to verify portal preview tokens generated by this API `GET /v1/access-tokens/portal-preview/.well-known/jwks.json` ```ts const { data } = await client.getPortalPreviewTokenJwks() ```
Response ```json { "keys": [ { "alg": "RS256", "e": "AQAB", "kid": "tXWU5mPMbRPczpbQwi6vbhLF4GgF3wlMDSyqo7pfeiw=", "kty": "RSA", "n": "h_QDoCjZ8W_trtYXaP7_S22wf5r5Wd9XBLED78oT44bJjQXn8ddcFV8Hik65_4IYXVX_hTTU4zpxe3H8vx2j7-Zz3O59mYMp5S0MzODNEdf5Y_2o19eis0brmAJniixsNlQ9LlYkdrVamrgaxHu3ZpP_99zkfFybYeuYoQNzb3PyrT8xVnz_USs_nlFMHpGUxvvz7gfKPqxcLvgLJr4cwI9yzaSY9CD4qW181QVcnL_WzpQ8xx6AuhhHZQ1l_3GG4InTk8ahE7U2ZHVu8RrX6d01pMgc3piEcet9RgFLnhbTg3YIiKGoAbN42wJn_x3lgIAC42T9mbmTsHyUdS6nUQ", "use": "sig" } ] } ```
--- ### `getPublicTokenOIDC` OpenID Connect configuration for Access Token API a a public identity provider `GET /v1/access-tokens/public/.well-known/openid-configuration` ```ts const { data } = await client.getPublicTokenOIDC() ```
Response ```json { "issuer": "https://access-token.sls.epilot.io/v1/access-tokens", "jwks_uri": "https://access-token.sls.epilot.io/v1/access-tokens/.well-known/jwks.json" } ```
--- ### `getPortalPreviewTokenOIDC` OpenID Connect configuration for Access Token API a a portal preview identity provider `GET /v1/access-tokens/portal-preview/.well-known/openid-configuration` ```ts const { data } = await client.getPortalPreviewTokenOIDC() ```
Response ```json { "issuer": "https://access-token.sls.epilot.io/v1/access-tokens/portal-preview", "jwks_uri": "https://access-token.sls.epilot.io/v1/access-tokens/portal-preview/.well-known/jwks.json" } ```
--- ## Schemas ### `AccessToken` A JWT Access Token ```ts type AccessToken = string ``` ### `AccessTokenId` ```ts type AccessTokenId = string ``` ### `AccessTokenName` Human readable name for access token ```ts type AccessTokenName = string ``` ### `AccessTokenType` Access token type ```ts type AccessTokenType = "api" | "journey" | "portal" | "assume" | "app" | "portal_preview" ``` ### `AccessTokenJourneyId` Journey ID for access token type "journey" ```ts type AccessTokenJourneyId = string ``` ### `PortalId` Portal ID for access token type "portal" ```ts type PortalId = string ``` ### `PortalUserId` Portal User ID for access token type "portal_preview" ```ts type PortalUserId = string ``` ### `TokenParameters` ```ts type TokenParameters = { name: string token_type?: "api" assignments?: string[] expires_in?: number | string read_only?: boolean } | { name: string token_type?: "journey" journey_id: string expires_in?: number | string } | { name: string token_type?: "portal" portal_id: string expires_in?: number | string } | { name: string token_type?: "assume" assignments?: string[] read_only?: boolean } | { name: string token_type?: "app" assignments?: string[] expires_in?: number | string read_only?: boolean } | { name: string token_type?: "portal_preview" portal_id: string portal_user_id: string } ``` ### `ExpiresIn` ```ts type ExpiresIn = number | string ``` ### `ReadOnly` When true, the issued token may only perform read-only actions. Any action guarded by permissions that is not read-only (i.e. not a view/export/download action) is denied, regardless of the roles the token carries. ```ts type ReadOnly = boolean ``` ### `AccessTokenParameters` ```ts type AccessTokenParameters = { name: string token_type?: "api" assignments?: string[] expires_in?: number | string read_only?: boolean } ``` ### `JourneyTokenParameters` ```ts type JourneyTokenParameters = { name: string token_type?: "journey" journey_id: string expires_in?: number | string } ``` ### `PortalTokenParameters` ```ts type PortalTokenParameters = { name: string token_type?: "portal" portal_id: string expires_in?: number | string } ``` ### `AssumeTokenParameters` ```ts type AssumeTokenParameters = { name: string token_type?: "assume" assignments?: string[] read_only?: boolean } ``` ### `AppTokenParameters` ```ts type AppTokenParameters = { name: string token_type?: "app" assignments?: string[] expires_in?: number | string read_only?: boolean } ``` ### `PortalPreviewTokenParameters` ```ts type PortalPreviewTokenParameters = { name: string token_type?: "portal_preview" portal_id: string portal_user_id: string } ``` ### `AccessTokenItem` ```ts type AccessTokenItem = { id: string created_at: string // date-time name: string token_type?: "api" | "journey" | "portal" | "assume" | "app" | "portal_preview" journey_id?: string portal_id?: string portal_user_id?: string assignments?: string[] read_only?: boolean last_used?: string // date } ``` ### `RoleId` Format: ``:`` ```ts type RoleId = string ``` ### `Assignments` List of role ids attached to an user ```ts type Assignments = string[] ```