App Access Tokens .: Create

API Reference / v15

Create an App Access Token for Permissions Request Creation

Given valid credentials, this endpoint returns an access token which may be used to authorize permissions requests. This endpoint is only for apps that want to manually create permissions requests. Most apps should take advantage of our OAuth or OpenID Connect flows instead.

Request Endpoint

POST /v15/access_tokens

No Authorization Required


NOTE: Make sure you never, ever (not even once) include your App Secret Key in client-side or decompilable code! Also ensure that the client_secret is never checked in to any source control (git, mercurial etc).

Request Body

  "api_key": "23eef8c2895ce66eb4500bb5e324b200f5339e6fe6d8665f6de0205f43f3b563",
  "client_secret": "4d71e958b9fb6a62af624390c4ef394df15d168ea12b3b12735643ff0694520f"

Request Parameters

Parameter Type Required Description
api_key String Yes Your API Key.
client_secret String Yes Your App Secret Key.

cURL Example

curl \
  -iH 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
        "api_key": "23eef8c2895ce66eb4500bb5e324b200f5339e6fe6d8665f6de0205f43f3b563",
        "client_secret": "4d71e958b9fb6a62af624390c4ef394df15d168ea12b3b12735643ff0694520f"

Example Response Body

  "access_token": {
    "app_id": 20,
    "merchant_id": null,
    "token": "1061-c6b2aa0c3062c4c019ea08a1143c782c20b32467ad35faaa14e19d72c0ba68",
    "user_id": null

Response Parameters

Parameters Type Description
app_id Integer The LevelUp App ID
merchant_id Integer Null
token String Access token for the associated app (100 bytes maximum)
user_id Integer Null

You will want to store the app_id and token as they will be used in subsequent calls to LevelUp.

The app access token will remain valid indefinitely.


HTTP/1.1 422 Unprocessable Entity - API Key not found

    "error": {
      "message": "API Key is invalid.",
      "object": "access_token",
      "property": "api_key"