API:2/createsubtoken

From Guild Wars 2 Wiki
Jump to navigationJump to search

/v2/createsubtoken

HTTP method
GET
Format
json
API version
version 2
Release date
2019-05-20
Scope
account
Optional
none

This resource allows for the creation of Subtokens; essentially API keys with a more limited set of permissions, which can be used as a substitute for them.

Parameters

  • access_token - (optional) If the API key is not specified in the request header, it can be specified here.
  • expire - An ISO-8601 datetime specifing when the generated Subtoken will expire.
  • permissions - A comma separated list of permissions to inherit.
    • Unrecognized permissions as well as permissions that are specified but are not granted to the API Key used in the Request are silently ignored.
    • v2/tokeninfo may be queried for a list of avaiable choices to use for a given API key.
  • urls - (optional) A comma separated list of Endpoints that will be accessible using this Subtoken.
    • If no Endpoints are specified all Endpoints, not otherwise limited by 'permissions', will be accessible.

Response

  • subtoken (string) - A JSON Web Token which can be used like an API key but only with the requested limitations.

Examples

Request

 https://api.guildwars2.com/v2/createsubtoken?expire=2019-05-23T10:00:00+02:00&permissions=account
 Authorization: Bearer <access token>

Response

{
  "subtoken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJreDRIWmhNMjQtZkhvVXIwbHZlZGxWVnRIWUIxQzh1emhlUjROOElSM2NjIiwiaWF0IjoxNTU4NTk3OTkxLCJleHAiOjE1NTg1OTg0MDAsInBlcm1pc3Npb25zIjpbImFjY291bnQiXX0._Ya5wUDuhTUdxunay01vs1BXOIvd_U3m94RzHAex8cU"
}

Request

 https://api.guildwars2.com/v2/createsubtoken?expire=2019-05-23T11:20:42+02:00&permissions=account,inventories&urls=/v2/account/bank,/v2/account/inventory
 Authorization: Bearer <access token>

Response

{
  "subtoken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiItT2V3LThjZkYtX2s5a1ZBM1dCZnVpWkhaT1AzSU1pSHA1cEVXZjNuZTJjIiwiaWF0IjoxNTU4NjAzMTA1LCJleHAiOjE1NTg2MDMyNDIsInBlcm1pc3Npb25zIjpbImFjY291bnQiLCJpbnZlbnRvcmllcyJdLCJ1cmxzIjpbIi92Mi9hY2NvdW50L2JhbmsiLCIvdjIvYWNjb3VudC9pbnZlbnRvcnkiXX0.vLvKn8Arn0dlp4i-VR9S5bukm_sMDhLVT-5VXzc9bSg"
}

Notes

  • If the API Key used to create a Subtoken is deleted it too will be invalid.
  • It is possible to use a Subtoken to create other Subtokens.
  • Unlike with API Keys it is possible to create a Subtoken without the 'account' Scope, though doing so will effectively render it useless.

References