Skip to main content
POST
/
access-tokens
Issue a new access token.
curl --request POST \
  --url https://aws.s2.dev/v1/access-tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "id": "<string>",
  "scope": {
    "access_tokens": {
      "exact": "<string>"
    },
    "basins": {
      "exact": "<string>"
    },
    "op_groups": {
      "account": {
        "read": false,
        "write": false
      },
      "basin": {
        "read": false,
        "write": false
      },
      "stream": {
        "read": false,
        "write": false
      }
    },
    "ops": [],
    "streams": {
      "exact": "<string>"
    }
  }
}
'
{
  "access_token": "<string>"
}

Access token concepts

Review token scopes, permissions, expiry, and revocation behavior.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your access token.

Body

application/json
id
string
required

Access token ID. It must be unique to the account and between 1 and 96 bytes in length.

Required string length: 1 - 96
scope
object
required

Access token scope.

auto_prefix_streams
boolean
default:false

Namespace streams based on the configured stream-level scope, which must be a prefix. Stream name arguments will be automatically prefixed, and the prefix will be stripped when listing streams.

expires_at
string<date-time> | null

Expiration time in RFC 3339 format. If not set, the expiration will be set to that of the requestor's token.

Response

access_token
string
required

Created access token.