Skip to main content
POST
/
token
/
create
/
user
Creating User Tokens using Company Token
curl --request POST \
  --url https://stagingstores.xoxoday.com/chef/v1/oauth/token/create/user \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "user_input": "your.email@example.com",
  "scope": "user_session"
}
'
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 1296000,
  "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
  "access_token_expiry": 1718000000000,
  "refresh_token_expiry": 1720000000000
}

Creating user tokens API schema

PropertyTypeDescription
user_inputStringSuper Admin email address.
scopeStringPermission scope being assigned/validated (e.g., user_session).

Response Schema

PathTypeDescription
access_tokenstringNewly generated access token for the user.
token_typestringAlways "bearer".
expires_innumberToken validity duration in seconds.
refresh_tokenstringToken used to regenerate a new access token once expired.
access_token_expirynumberEpoch timestamp (ms) when the access token expires.
refresh_token_expirynumberEpoch timestamp (ms) when the refresh token expires.

Authorizations

Authorization
string
header
required

Authorization: Bearer <access_token>

Body

application/json
user_input
string<email>
required

Super Admin email address.

Example:

"your.email@example.com"

scope
string
required

Permission scope being assigned. Use user_session.

Example:

"user_session"

Response

User-scoped tokens issued successfully.

access_token
string

Newly generated access token.

token_type
string
Example:

"bearer"

expires_in
integer

Access token validity in seconds.

refresh_token
string

New refresh token (old one is immediately invalidated).

access_token_expiry
number

Epoch timestamp (ms) when the access token expires.

refresh_token_expiry
number

Epoch timestamp (ms) when the refresh token expires.