post https://api.sumsub.com/resources/accessTokens/sdk
Overview
Use this method to generate a new access token:
- When integrating with the WebSDK and MobileSDK where an access token authentication is required.
- When it is required for applicant actions.
The lifespan of a token depends upon the value specified in the
ttlInSecs
field.
Important
- To initialize the SDKs for the Sandbox environment, make sure to use the App token and Secret key pair that was created in Sandbox mode for request authorization headers.
- Access tokens for applicants have limited access to the API. For example, a single access token is only valid for one applicant and cannot access other applicants.
Request example
curl --request POST \
--url https://api.sumsub.com/resources/accessTokens/sdk \
--header 'content-type: application/json' \
--data '
{
"ttlInSecs": 600,
"userId": "johndoeID",
"levelName": "basic-kyc-level"
}
'
Response explained
In the response, you will get a new token for the specified applicant.
The following fields are returned:
Field | Description |
---|---|
token | The access token generated upon execution of the request. |
userId | The unique applicant identifier on your side as specified in the request. |
The following is a response example in case the request is sent and processed correctly:
{
"token": "_act-b8ebfb63-5f24-4b89-9c08-000000000000",
"userId": "johndoeID"
}
If the request fails, you will receive an HTTP response containing an error code along with a message explaining the error. For example:
{
"description": "Request signature mismatch",
"code": 401,
"correlationId": "f677f38a9998b13c572a2a0000000000",
"errorCode": 4003,
"errorName": "app-token-signature mismatch"
}