Issue customer access token

Issues a secure access token for an OEM customer user. The token grants access to specified permissions and can be configured with custom expiration times (in minutes, hours, or days). Account ID is derived from authorization.

Header Parameters
`PubNub-Version` string — REQUIRED Possible values: [`2026-02-09`]

Request Body — REQUIRED
`permissions` string[] — REQUIRED Possible values: [`business-object:read`, `business-object:write`, `business-object:update:activation`, `business-object:write:config`, `business-object:update:map`, `dashboard:read`, `dashboard:write`, `decision:read`, `decision:read:config`, `decision:read:rule`, `decision:write`, `decision:update:activation`, `decision:write:config`, `decision:update:rule`, `metric:read`, `metric:write`] Array of permission strings that define what the customer user can access
`expiresIn` string Possible values: Value must match regular expression `^\d+[mhd]$` Token expiration time in format: digits followed by m (minutes), h (hours), or d (days). Examples: 30m, 2h, 7d. Defaults to 1h if not provided
`externalId` string — REQUIRED The unique external identifier of the customer
`customerUserId` string — REQUIRED The unique identifier for the customer user
`appId` number — REQUIRED The application ID for which the token is being issued

Responses

200

Success

Schema — OPTIONAL
`accessToken` string The generated JWT access token for the customer user

400

Bad Request Error

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`BadRequest`]
`message` string[]

401

UnauthorizedError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`Unauthorized`]
`message` string[]

403

ForbiddenError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`Forbidden`]
`message` string[]

404

NotFoundError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`NotFound`]
`message` string[]

500

InternalErrorError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`InternalError`]
`message` string[]

* required

PubNub-Version*

Type: string

Possible values: [2026-02-09]

* required

permissions*

Type: array

Array of permission strings that define what the customer user can access

Array items:

items

Type: string

Enum (16 values)

View all values

"business-object:read""business-object:write""business-object:update:activation""business-object:write:config""business-object:update:map""dashboard:read""dashboard:write""decision:read""decision:read:config""decision:read:rule""decision:write""decision:update:activation""decision:write:config""decision:update:rule""metric:read""metric:write"

expiresIn

Type: string

Token expiration time in format: digits followed by m (minutes), h (hours), or d (days). Examples: 30m, 2h, 7d. Defaults to 1h if not provided

Pattern: ^\d+[mhd]$

Default: "1h"

externalId*

Type: string

The unique external identifier of the customer

customerUserId*

Type: string

The unique identifier for the customer user

appId*

Type: number

The application ID for which the token is being issued

accessToken

Type: string

The generated JWT access token for the customer user

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"BadRequest"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"Unauthorized"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"Forbidden"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"NotFound"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"InternalError"

message

Type: array

Array items:

items

Type: string

Header Parameters

Request Body

Responses