Skip to main content
POST
/
partner
/
oauth
/
token
curl -X POST \
  -H 'X-ClientId: ${client_id}' \
  -H 'Accept-Version: v4.0' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer ${access_token}' \
  https://api.thanxsandbox.com/partner/oauth/token \
  -d '{
    "merchant_id": "k2lye10h32l5wzo",
    "email": "example@example.com",
    "expires_in": 3600
  }'

{
  "access_token": "945148251b603ae34561d90acfe4050e67494d6d1e65d4d3d52798407f03c0bd",
  "token_type": "Bearer",
  "scope": "passwordless",
  "created_at": 1577836800,
  "expires_in": 3600
}

Documentation Index

Fetch the complete documentation index at: https://docs.thanx.com/llms.txt

Use this file to discover all available pages before exploring further.

Scope required: auth.create
This endpoint allows for the programmatic generation of an API access token for a given user. This access token can then be used with the Consumer API or the Loyalty API. Programmatic generation of access tokens on behalf of users is designed to support integration partners using custom authentication mechanisms. This allows for generation of access tokens that can be used with either the consumer or loyalty APIs depending on the integration use-case. This enables integration partners to have complete flexibility in their management of user authentication - using Thanx Auth, a self-hosted authentication implementation, or a third-party authentication provider.

Parameters

merchant_id
string
required
Merchant ID
user_id
string
Thanx User ID. One of user_id, email, or phone must be specified.
email
string
Email address. One of user_id, email, or phone must be specified.
phone
string
Phone number in E.164 format (e.g. +14155551212). One of user_id, email, or phone must be specified.
expires_in
integer
The number of seconds after which this access token will expire. Defaults to no expiration for integrations that require long-lived access tokens. If your integration does not require long-lived access tokens, we highly recommend this value to be specified. The allowed values are between 60s and 3600s (1 hour).
Phone numbers must be in E.164 format with the country code prefix (e.g. +14155551212). For US numbers and US territories, the prefix is +1, including Puerto Rico (787/939), USVI (340), Guam (671), Northern Mariana Islands (670), and American Samoa (684). Numbers without the country code prefix may be parsed as international and return Unknown user.

Response

access_token
string
The user’s access token, for use in accessing the Consumer API
token_type
string
The type of token, “Bearer”
scope
string
The API scopes granted to the access token
created_at
integer
The number of seconds since the epoch
expires
integer
The number of seconds after which this access token will expire
curl -X POST \
  -H 'X-ClientId: ${client_id}' \
  -H 'Accept-Version: v4.0' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer ${access_token}' \
  https://api.thanxsandbox.com/partner/oauth/token \
  -d '{
    "merchant_id": "k2lye10h32l5wzo",
    "email": "example@example.com",
    "expires_in": 3600
  }'

{
  "access_token": "945148251b603ae34561d90acfe4050e67494d6d1e65d4d3d52798407f03c0bd",
  "token_type": "Bearer",
  "scope": "passwordless",
  "created_at": 1577836800,
  "expires_in": 3600
}