Contents

POST /accounts/$USERNAME/token#

Create an authentification token.

Request:

interface TokenRequest {
  // Scope for the token.
  scope: "readonly" | "readwrite" | "revenue" | "wiregateway" | "observability";

  // Custom token validity duration
  duration?: RelativeTime;

  // Is the token refreshable into a new token during its
  // validity?
  // Refreshable tokens effectively provide indefinite
  // access if they are refreshed in time.
  refreshable?: boolean;

  // Optional token description
  // @since **v4**
  description?: string;
}

Response:

200 Ok:

Response is a TokenSuccessResponse.

202 Accepted:

2FA is required for this operation. This returns the ChallengeResponse response. @since v10

401 Unauthorized:

Invalid or missing credentials.

403 Forbidden:
  • TALER_EC_GENERIC_FORBIDDEN: missing rights.

  • TALER_EC_BANK_ACCOUNT_LOCKED: account is locked and cannot create new token using its password.

Details:

interface TokenSuccessResponse {
  // Expiration determined by the server.
  // Can be based on the token_duration
  // from the request, but ultimately the
  // server decides the expiration.
  expiration: Timestamp;

  // Opque access token.
  access_token: string;
}