Skip to main content

Auth Token Management

Inbox Auth

  • user_id:<user-id> - Gives the token access to a given user. Multiple can be listed. Ex user_id:pigeon user_id:bluebird. User ID scopes must be used in conjunction with other scopes to specify which resources of the user the token can access.
  • read:messages - Gives the token access to read messages. Must be used in conjunction with one or more user_ids.
  • read:user-tokens - Gives the token access to read user tokens. Must be used in conjunction with one or more user_id scopes.
  • write:user-tokens - Gives the token access to write user tokens. Must be used in conjunction with one or more user_id scopes.
  • read:brands[:<brand_id>] Give the token access to read brands, optionally restricted to a specific brand_id. Examples read:brands, read:brands:my_brand.
  • write:brands[:<brand_id>] Give the token access to read brands, optionally restricted to a specific brand_id. Examples write:brands, write:brands:my_brand.
  • inbox:read:messages Give the token access to read inbox messages.
  • inbox:write:events Give the token access to write inbox events, such as mark message as read.

Preferences Auth

  • read:preferences Give the token access to read user preferences.
  • write:preferences Give the token access to write user preferences.

Courier Create Auth

  • tenants:read | Read all tenant data
  • tenants:notifications:read | Read all notification templates
  • tenants:notifications:write | Write notification templates
  • tenants:brand:read | Read brand settings across tenants
  • tenant:$TENANT_ID:read | Read data for a specific tenant
  • tenant:$TENANT_ID:notification:read | Read specific tenant’s notifications
  • tenant:$TENANT_ID:notification:write | Write specific tenant’s notifications
  • tenant:$TENANT_ID:brand:read | Read brand settings for a specific tenant
  • tenant:$TENANT_ID:brand:write | Write brand settings for a specific tenant

Time Limits

A duration can be passed to auth tokens to restrict the amount of time a user has the given scopes. You can do so by adding the expires_in property to the request body: 
{
  "scope": "user_id:{{userId}} inbox:read:messages inbox:write:events",
  "expires_in": "2 hours"
}
Accepted time formats: 
ms('2 days')  // 172800000
ms('1d')      // 86400000
ms('10h')     // 36000000
ms('2.5 hrs') // 9000000
ms('2h')      // 7200000
ms('1m')      // 60000
ms('5s')      // 5000
ms('1y')      // 31557600000
ms('100')     // 100
ms('-3 days') // -259200000
ms('-1h')     // -3600000
ms('-200')    // -200