Skip to main content
POST
/
tokens
Create a new API token
curl --request POST \
  --url https://api.lightspark.com/grid/2025-10-13/tokens \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Sandbox read-only",
  "permissions": [
    "VIEW"
  ]
}
'
{
  "id": "Token:019542f5-b3e7-1d02-0000-000000000001",
  "name": "Sandbox read-only token",
  "permissions": [
    "VIEW"
  ],
  "clientId": "01947d2284054f890000e63bca4810df",
  "createdAt": "2025-07-21T17:32:28Z",
  "updatedAt": "2025-07-21T17:32:28Z",
  "clientSecret": "ed0ad25881e234cc28fb2dec0a4fe64e4172"
}

Authorizations

Authorization
string
header
required

API token authentication using format <api token id>:<api client secret>

Body

application/json
name
string
required

Name of the token to help identify it

Example:

"Sandbox read-only"

permissions
enum<string>[]
required

A list of permissions to grant to the token

Permission of an API token that determines what actions the token can perform: VIEW: Can view all data, including platform config, customers and transactions TRANSACT: Can send payments MANAGE: Can manage platform config, api tokens and customers

Available options:
VIEW,
TRANSACT,
MANAGE

Response

API token created successfully

id
string
required

System-generated unique identifier

Example:

"Token:019542f5-b3e7-1d02-0000-000000000001"

name
string
required

Name of the token

Example:

"Sandbox read-only token"

permissions
enum<string>[]
required

A list of permissions granted to the token

Permission of an API token that determines what actions the token can perform: VIEW: Can view all data, including platform config, customers and transactions TRANSACT: Can send payments MANAGE: Can manage platform config, api tokens and customers

Available options:
VIEW,
TRANSACT,
MANAGE
clientId
string
required

An opaque identifier that should be used as a client_id (or username) in the HTTP Basic Authentication scheme when issuing http requests to Grid.

Example:

"01947d2284054f890000e63bca4810df"

createdAt
string<date-time>
required

Creation timestamp

Example:

"2025-07-21T17:32:28Z"

updatedAt
string<date-time>
required

Last update timestamp

Example:

"2025-07-21T17:32:28Z"

clientSecret
string

The secret that should be used to authenticate against Grid API. This secret is not stored and will never be available again after creation. Platform must keep this secret secure as it grants access to the account.

Example:

"ed0ad25881e234cc28fb2dec0a4fe64e4172"