API tokens
Create Customer Token
Creates a new API token scoped to a customer. Restricted users must specify customerId. The full token is returned only once — store it securely.
POST /api/customer/tokens
Request Body
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Yes | — | Token display name (1–255 chars) |
| expiresInDays | number | No | null | Days until expiration (1–365). Null = no expiration. |
| customerId | number | No* | null | Scope token to a specific customer. Required for restricted users. |
Example (cURL)
curl -X POST "$BASE_URL/api/customer/tokens" \
-H "Cookie: $SESSION_COOKIE" \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corp API Token",
"customerId": 5,
"expiresInDays": 180
}'
Response
{
"id": 2,
"name": "Acme Corp API Token",
"token": "wsm_f7e6d5c4b3a2...",
"lastUsedAt": null,
"expiresAt": "2026-10-15T08:00:00.000Z",
"createdAt": "2026-04-15T08:00:00.000Z"
}
Common errors
400 Invalid customer ID: when customerId doesn't belong to your organization
400 customerId is required: when restricted user doesn't specify customerId
403 Forbidden: when customer is outside user's scope
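Because the full token is returned only once, client code should persist it immediately and keep it out of logs. The following is an added example, not part of this API's own documentation or tooling: the function names `build_token_request` and `store_token_once`, the file path, and the sample response (a constructed token value) are assumptions for illustration.

```python
import json
import os
import tempfile

# Constructed sample response shaped like the documented one (token value is made up).
SAMPLE_RESPONSE = json.dumps({
    "id": 2, "name": "Acme Corp API Token", "token": "wsm_CONSTRUCTED_EXAMPLE_TOKEN",
    "lastUsedAt": None, "expiresAt": "2026-10-15T08:00:00.000Z",
    "createdAt": "2026-04-15T08:00:00.000Z",
})

def build_token_request(name, customer_id=None, expires_in_days=None, restricted_user=False):
    """Check fields against the documented constraints before sending the POST."""
    if not isinstance(name, str) or not 1 <= len(name) <= 255:
        raise ValueError("name must be a string of 1-255 chars")
    if expires_in_days is not None:
        is_int = isinstance(expires_in_days, int) and not isinstance(expires_in_days, bool)
        if not is_int or not 1 <= expires_in_days <= 365:
            raise ValueError("expiresInDays must be 1-365 or null")
    if restricted_user and customer_id is None:
        raise ValueError("customerId is required for restricted users")
    body = {"name": name, "customerId": customer_id, "expiresInDays": expires_in_days}
    # Omitted fields fall back to their documented default of null.
    return {k: v for k, v in body.items() if v is not None}

def store_token_once(response_body, path):
    """Write the one-time token to an owner-only file; return metadata without the secret."""
    data = json.loads(response_body)
    token = data.pop("token")  # remove the secret so the returned dict is safe to log
    # O_EXCL refuses to overwrite an existing token file; 0o600 = owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(token)
    return data

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "customer_5.token")
    print(build_token_request("Acme Corp API Token", customer_id=5, expires_in_days=180))
    print(store_token_once(SAMPLE_RESPONSE, path))  # metadata only, no token
```

Setting `expiresInDays` rather than leaving it null limits how long a leaked token stays usable.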