Skip to main content
POST
/
auth
/
issue-token
Create an auth token
curl --request POST \
  --url https://api.courier.com/auth/issue-token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "scope": "<string>",
  "expires_in": "<string>"
}'
{
  "token": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
scope
string
required

Space-separated list of scopes that define what the token can access. Common scopes include:

Inbox Auth:

  • user_id:<user-id> - Access to a specific user (multiple can be listed)
  • read:messages - Read messages (requires user_id scope)
  • inbox:read:messages - Read inbox messages
  • inbox:write:events - Write inbox events (mark as read, etc.)

Preferences Auth:

  • read:preferences - Read user preferences
  • write:preferences - Write user preferences

Brands Auth:

  • read:brands[:<brand_id>] - Read brands (optionally specific brand)
  • write:brands[:<brand_id>] - Write brands (optionally specific brand)

Example: "user_id:user123 inbox:read:messages inbox:write:events"

expires_in
string
required

Duration for token expiration. Accepts various time formats:

  • "2 hours" - 2 hours from now
  • "1d" - 1 day
  • "10h" - 10 hours
  • "2.5 hrs" - 2.5 hours
  • "1m" - 1 minute
  • "5s" - 5 seconds
  • "1y" - 1 year

Response

200 - application/json
token
string
required