Issue a member-scoped bearer token
Exchange the tenant API key plus a partner-scoped `user_id` for a short-lived member bearer token. The token (TTL: 1 hour) is forwarded to the partner's client and used as `Authorization: Bearer <token>` on every member-scoped call. Renew proactively before expiry or reactively on `401 unauthorized`. The tenant API key must remain on partner-controlled backend infrastructure — never embed it in mobile or browser clients.
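The renewal policy described above, as an added example (not part of the TAIH reference or any SDK): a backend-side cache that reissues a member token proactively before expiry and once more on `401`. The `issue` callable stands in for the backend's `POST /v1/auth/token` request; `RENEW_SKEW`, the class and method names, and the sample tokens are assumptions constructed for illustration.

```python
import time
from typing import Callable, Dict, Tuple

RENEW_SKEW = 300  # assumption: renew 5 minutes before the 1-hour TTL runs out

class MemberTokenCache:
    """Backend-side cache of member bearer tokens, keyed by user_id."""
    def __init__(self, issue: Callable[[str], dict],
                 clock: Callable[[], float] = time.monotonic):
        self._issue = issue   # hypothetical: does POST /v1/auth/token with the tenant key
        self._clock = clock
        self._tokens: Dict[str, Tuple[str, float]] = {}

    def get(self, user_id: str) -> str:
        """Return the cached token, or a fresh one inside the renewal window."""
        cached = self._tokens.get(user_id)
        if cached and self._clock() < cached[1] - RENEW_SKEW:
            return cached[0]
        return self.renew(user_id)

    def renew(self, user_id: str) -> str:
        data = self._issue(user_id)["data"]
        if data.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type in token response")
        expires_at = self._clock() + data["expires_in"]
        self._tokens[user_id] = (data["access_token"], expires_at)
        return data["access_token"]

    def call(self, user_id: str, request: Callable[[str], Tuple[int, object]]):
        """Run a member-scoped call; on 401 renew once and retry once."""
        status, body = request(self.get(user_id))
        if status == 401:
            status, body = request(self.renew(user_id))
        return status, body

def demo():
    """Constructed run: fake issuer, fake clock, one token rejected with 401."""
    now, issued = [0.0], []
    def fake_issue(user_id):
        issued.append(user_id)
        return {"data": {"access_token": f"tok-{len(issued)}",
                         "token_type": "Bearer", "expires_in": 3600}}
    cache = MemberTokenCache(fake_issue, clock=lambda: now[0])
    first = cache.get("u1")                      # issued at t=0
    now[0] = 3000.0; second = cache.get("u1")    # still outside the renewal window
    now[0] = 3400.0; third = cache.get("u1")     # inside the window: reissued
    api = lambda tok: (401, None) if tok == "tok-2" else (200, tok)
    status, used = cache.call("u1", api)         # 401 on tok-2, retried with a new token
    return first, second, third, status, used, len(issued)

if __name__ == "__main__":
    print(demo())
```

Only the returned member token leaves this component; the tenant key stays inside whatever `issue` wraps on the backend.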
Authorization
`OrgId` (in: header): Tenant identifier resolved by Kong from the authenticated `taih-tenant-key`. Required on partner-scoped routes (e.g. `POST /v1/users`, `POST /v1/auth/token`, `/v1/admin/*`). In production Kong injects this header after validating the tenant key; local-dev callers must set it themselves.
Header Parameters
Request Body
application/json
```bash
curl -X POST "https://loading/v1/auth/token" \
  -H "Content-Type: application/json" \
  -d '{ "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5" }'
```

Response Body

application/json

```json
{
  "data": {
    "access_token": "string",
    "token_type": "Bearer",
    "expires_in": 3600
  }
}
```

application/json

```json
{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}
```

API reference
Interactive reference for every Partner API endpoint — live try-it panel, request/response schemas, and auto-generated code samples.
Rotate the tenant API key
Issue a new tenant API key while keeping the previous key valid for a configurable grace period (default 24h, max 7 days). Partners deploy the new key to every backend service before the old one is revoked, enabling zero-downtime rotation. The new key is returned exactly once — store it immediately in a secret manager. **Status: not yet implemented.** Returns `503 service_unavailable` with `Retry-After: 86400`. Manual rotation is available — contact your TAIH integration contact.