Session Tokens
Generate Session Token
Issue a session token for a linked account.
POST
Issue a JWT session token (and refresh token) for a linked account. Session tokens authenticate hosted and Connect frontends that should never hold your API key — the token itself encodes the org, linked account, and environment.
By default an existing valid token is reused; pass
force_refresh=true to always mint a new one. Token TTL is determined by service configuration.
Authentication
Your Refold API key. Find it in Settings → Credentials.
Query Parameters
When
true, always issues a new token instead of reusing an existing valid one.Body Parameters
The linked account to issue the token for.Example:
user_12345Response
- 200 OK
- 400 Bad Request