JavaScript
Client Tokens
Create a client token
Create a short-lived client token for browser SDK use.
Use case: Your backend calls this endpoint to generate a token, then passes it to your frontend. The frontend uses the token to make authenticated requests to /client/* endpoints.
Payload:
publicMetadata: Displayable properties, exposed via GET/client/token. For agent identity/attributes use serverContext.serverContext: Agent-facing context (identity, attributes, pass-through). Same shape as request context for chat/invoke. Never exposed to client.
Security:
- Tokens are short-lived (default 1 hour, max 24 hours)
- Both context types are trusted and cannot be tampered with
- Store the token securely - it will only be shown once
Example flow:
- User logs in to your app
- Your backend calls
POST /v1/client-tokenswith{ publicMetadata: { displayName: "Jane", plan: "pro" }, serverContext: { identity: { user_id: "user_123" }, attributes: { user: { name: "Jane", email: "jane@example.com" } } } } - Your backend returns the token to your frontend
- Frontend uses the token to call
/client/*endpoints
POST
JavaScript
Authorizations
API Key or Personal Access Token (PAT). When using PAT, include X-Project header.
Body
application/json
Public metadata (display name, plan, etc.) exposed via GET /client/token. For agent identity/attributes use serverContext.
Agent-facing context (identity, attributes, pass-through). Only accessible to agents/handlers, never exposed to client. Same shape as request context for chat/invoke.
Time-to-live in seconds. Default: 3600 (1 hour). Max: 86400 (24 hours).
Required range:
0 < x <= 86400