A single access token. Note that the token itself will never be published by the API to prevent misusing them; instead this resource will deliver metadata to enable an overview of issued tokens and the possibility to revoke them.
The JSON Schema is https://schema.entrecode.de/schema-acc/account-token.
|accessTokenID||String||Version 4 UUID (RFC 4122)||The unique identifier for the Token. This is NOT the token itself. It is equivalent to the JWT's
||No. Gets generated on creation.|
|device||JSON||Device this access token was issued to. JSON object provided by express-useragent. Notable properties are
|ipAddress||String||IP Address (IPv6 or IPv4)||IP Address this access token was issued to||No|
|ipAddressLocation||String||Assumed Location of the IP Address this access token was issued to (e.g. city name)||No|
|isCurrent||Boolean||Flag indicating that this access token is the one currently used for this request||No|
|issued||String||ISO-8601 formatted UTC Date String (YYYY-MM-DDTHH:mm:ss.sssZ, RFC 3339)||Timestamp of the creation of this access token||No|
|validUntil||String||ISO-8601 formatted UTC Date String (YYYY-MM-DDTHH:mm:ss.sssZ, RFC 3339)||Timestamp of the current end of the validity lifetime of this token.||No|
|Relation Name||Target Resource||Description||Possible Methods|
|self||Token||The resource itself||GET, DELETE|
|collection||Token List||List of all available Tokens||GET|
|ec:account||Account||The account of this access token.||GET, PUT|
The Token List Resource is a Generic List Resource with embedded Token Resources.
It is a collection of currently valid access tokens for an account.
To read a single Token Resource, clients may perform GET on a
To read the App List Resource, clients may perform GET on a
ec:account/tokens relation or on the
collection relation of a single Token resource.
In both cases, the success status code is 200 OK.
A new token gets generated on Login. For API Keys, a long-lived token gets generated on creation.
It is possible to add 1 additional token to API Key Accounts (Accounts without password and without email address). POST to
ec:account/tokens with account edit permission.
An API Key Account can have a maximum of 2 valid tokens at any time. To create more, invalidate an old one first.
Modification of Tokens is not possible.
A token can be revoked by performing a DELETE Request on a single Token resource. The token can then not be used anymore, regardless of its
The current token (
isCurrent === true) cannot be deleted. Perform a Logout instead.