JavaScript
Client Tokens
Create a client token
Create a short-lived client token for browser SDK use.
Use case: Your backend calls this endpoint to generate a token, then passes it to your frontend. The frontend uses the token to make authenticated requests to /client/* endpoints.
Context types:
context: Public data accessible to the client via/client/contextserverContext: Private data only accessible to handlers (never exposed to client)
Security:
- Tokens are short-lived (default 1 hour, max 24 hours)
- Both context types are trusted and cannot be tampered with
- Store the token securely - it will only be shown once
Example flow:
- User logs in to your app
- Your backend calls
POST /v1/client-tokenswith{ context: { customerId: "cust_123" }, serverContext: { creditLimit: 1000 } } - Your backend returns the token to your frontend
- Frontend uses the token to call
/client/*endpoints (e.g., check limits)
POST
JavaScript
Authorizations
API Key or Personal Access Token (PAT). When using PAT, include X-Project header.
Body
application/json
Public context accessible to the client via /client/context (e.g., { customerId: "...", plan: "..." })
Private context only accessible to handlers, never exposed to client (e.g., { internalId: "..." })
Time-to-live in seconds. Default: 3600 (1 hour). Max: 86400 (24 hours).
Required range:
0 < x <= 86400