Generate access token

post

https://api.sumsub.com/resources/accessTokens/sdk

Overview

Use this method to generate a new access token:

When integrating with the WebSDK and MobileSDK where an access token authentication is required.
When it is required for applicant actions.

The lifespan of a token depends upon the value specified in the ttlInSecs field.

🚧
Important

To initialize the SDKs for the Sandbox environment, make sure to use the App token and Secret key pair that was created in Sandbox mode for request authorization headers.

Access tokens for applicants have limited access to the API. For example, a single access token is only valid for one applicant and cannot access other applicants.

Request example

curl --request POST \
     --url https://api.sumsub.com/resources/accessTokens/sdk \
     --header 'content-type: application/json' \
     --data '
            {
              "applicantIdentifiers": {
                "email": "[email protected]",
                "phone": "555-1111"
              },
              "ttlInSecs": 600,
              "userId": "johndoeID",
              "levelName": "basic-kyc-level"
            }
      '

Response explained

In the response, you will get a new token for the specified applicant.

The following fields are returned:

Field	Description
`token`	The access token generated upon execution of the request.
`userId`	The unique applicant identifier on your side as specified in the request.

The following is a response example in case the request is sent and processed correctly:

{
  "token": "_act-b8ebfb63-5f24-4b89-9c08-000000000000",
  "userId": "johndoeID"
}

If the request fails, you will receive an HTTP response containing an error code along with a message explaining the error. For example:

{
  "description": "Request signature mismatch",
  "code": 401,
  "correlationId": "f677f38a9998b13c572a2a0000000000",
  "errorCode": 4003,
  "errorName": "app-token-signature mismatch"
}

Body Params

userId

string

required

Unique applicant identifier on your side that will be bound to the token. It correlates to the externalUserId of the applicant.

levelName

string

required

Name of the verification level. The level determines the verification steps the applicant must complete and the documents that are required for verification.

⚠️ Mind the following:

A level has to be created in the same environment. For example, in the Sandbox mode, you may not be able to use a level configured to be only available in the Production environment.
A level name is case-sensitive. Kyc-level and kyc-level are considered as completely different level names. The system does not allow creating an applicant with the level name that does not exist.
The system does not allow creating a company profile with a level for individuals and vice versa.

applicantIdentifiers

object

Contains the information about the applicant email address and phone number. When specified, the applicant email address and phone number will be automatically added to the applicant profile.

externalActionId

string

Unique applicant action identifier on your side that will be bound to the token.

⚠️ Only required when generating an access token for applicant actions. Do not use for standard levels.

ttlInSecs

int32

Defaults to 600

Lifespan of the generated token in seconds. Default value is 10 mins.