Calling this endpoint creates a new access token for the user. Extole will attempt to detect who the user is (based on cookies, browser fingerprint, etc.) and provide them an access token with the greatest number of capabilities possible. If Extole is unable to recognize the user, the access token will only have the UPDATE_PROFILE capability available.
Important Note
You must use your Extole-specific instance URL instead of 'client.extole.io' in your request.
Program Domain
Whenever you call the Extole Customer API, you must update the URL with your program domain.
For example, the URL for the Create Token endpoint is <https://client.extole.io/api/v5/token>. To successfully call this endpoint, replace client with your program domain. In other words, if Test Company were to call this endpoint, they would use the URL <https://testcompany.extole.io/api/v5/token>.
You can find your program domain in the Tech Center of the My Extole .
Scopes
Providing only an email address returns a token with limited scope. The token will only allow access to events and actions associated with the device. Providing a JWT securely asserts the identity of the user and returns a token with heightened access scope. The token will allow access to events and actions across all related devices.
Read about our levels and methods of verification.
Response Data Fields
| Field | Description |
|---|---|
access_token(string) | A random access token assigned to the user. |
expires_in(string) | The number of seconds in which the token expires. Generally the token will expire after 30 days, but this value may change based on configuration. |
scope(array) | List of capabilities the token allows the associated consumer to perform. View all scopes. |