Get a token

View as MarkdownOpen in Claude
Exchange your API credentials for a **15-minute** bearer token. This is the only endpoint that does not require a token. Credentials go in the `x-client-id` and `x-api-key` **headers** — there is no request body. The service operator issues the client id and api key **once**; only a SHA-256 hash of the key is stored, so it cannot be recovered.

Authentication

x-client-idstring

API client id, issued by the service operator. Used only by /auth.

x-api-keystring

API key, issued by the service operator and shown once. Used only by /auth.

Headers

X-Request-IdstringOptional
Correlation id. Generated if omitted, echoed on every response, and written to the audit log.

Response

OK
resultobject
requestIdstring

Echo of the inbound X-Request-Id, or a generated one.

Errors

401
Unauthorized Error