Skip to content
Northwestern Laravel Starter

Create an access token

POST
/api/v1/me/tokens
 
curl --request POST \
  --url https://example.com/api/v1/me/tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "name": "CI deploy token", "expires_at": 1751328000, "allowed_ips": [ "198.51.100.0/25" ] }'

Authorizations

Section titled “Authorizations ”

Request Body required

Section titled “Request Body required ”
Media type application/json
object
name
required

Friendly name for the token so you can identify it later.

string
Example 
CI deploy token
expires_at

UTC timestamp (seconds) for when the token should expire. Must be at least 24 hours in the future.

integer format: int64
nullable
Example 
1751328000
allowed_ips

Optional allowlist of IPs or CIDR ranges that can use this token.

Array<string>
nullable

Responses

Section titled “ Responses ”

201

Section titled “201 ”

Access token created. The plain bearer token is only returned once.

Media type application/json
object
data
required
object
id
required
integer format: int64
name
required
string
status
required

Operational status of the token, derived from revocation and expiration timestamps.

string
Allowed values: active expired revoked
last_used_at

When this token was last used (null if never used).

string format: date-time
nullable
usage_count
required
integer
expires_at

When this token expires. Null means the token does not expire.

string format: date-time
nullable
created_at
required
string format: date-time
allowed_ips

Optional list of IPs or CIDR ranges allowed to use this token.

Array<string>
nullable
meta
required
object
bearer_token
required

The full bearer token. This is only returned once and cannot be retrieved again.

string
message
required
string
Example 
{
  "data": {
    "id": 23145,
    "name": "CI Deployments",
    "status": "active",
    "last_used_at": null,
    "usage_count": 0,
    "expires_at": null,
    "created_at": "2025-03-01T18:11:00Z",
    "allowed_ips": [
      "10.0.0.0/24",
      "203.0.113.12"
    ]
  },
  "meta": {
    "bearer_token": "YiRqNBToe7EIXAnmtCB3a9gAwHNh0xXZUX3A9zARG5CWKUcDhRn4U9qGcG3q7TwB",
    "message": "Token generated successfully. Store the bearer token immediately; it will not be shown again."
  }
}

401

Section titled “401 ”

Missing or invalid bearer token.

Media type application/json

Standard RFC 9457 problem details envelope.

object
type
required

RFC 9457 compliant problem details response builder.

string format: uri
title
required
string
status
required
integer
detail
string
nullable
instance
required
string format: uri-reference
trace_id

Unique identifier for the API request (if available).

string
nullable
Example 
{
  "type": "about:blank",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication failed",
  "instance": "/api/v1/me",
  "trace_id": "b4f5aa7a-1470-4d92-8d3c-98e7c7de9f5f"
}

422

Section titled “422 ”

Validation failed for the supplied token attributes.

Media type application/json
object
type
required

RFC 9457 compliant problem details response builder.

string format: uri
title
required
string
status
required
integer
detail
string
nullable
instance
required
string format: uri-reference
trace_id

Unique identifier for the API request (if available).

string
nullable
errors

Validation errors keyed by input field.

object
key
additional properties
Array<string>
Example 
{
  "type": "about:blank",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication failed",
  "instance": "/api/v1/me",
  "trace_id": "b4f5aa7a-1470-4d92-8d3c-98e7c7de9f5f",
  "errors": {
    "name": [
      "The name field is required."
    ],
    "expires_at": [
      "The expires at must be at least 24 hours from now."
    ]
  }
}