Skip to content
POLST Developer Docs

Issue a TAI access + refresh token pair for a device.

POST
/auth/token

Authenticates the caller via X-API-Key-ID + X-API-Key-Secret headers and issues a short-lived access token (1 hour) plus a rotating refresh token scoped to (app, externalDeviceId). Omit scopes to receive the app’s full configured scope set.

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Header Parameters

Section titled “Header Parameters ”
X-API-Key-ID
required
string
>= 1 characters

Trusted App API key id (format pol_tai_<24 base64url>).

X-API-Key-Secret
required
string
>= 1 characters

Trusted App API key secret (64 hex). Never logged, never echoed.

Request Body required

Section titled “Request Body required ”
object
externalDeviceId
required
string
>= 1 characters <= 255 characters
scopes
Array<string>
>= 1 items
Allowed values: view vote manage analytics

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Token pair issued.

object
accessToken
required
string
refreshToken
required
string
expiresIn
required
integer
> 0 <= 9007199254740991
tokenType
required
string
Allowed value: Bearer
scopes
required
Array<string>

400

Section titled “400 ”

Validation error or scope not allowed.

object
error
required
object
code
required
string
message
required
string
details
Any of:
object
key
additional properties

401

Section titled “401 ”

Invalid API key credentials.

object
error
required
object
code
required
string
message
required
string
details
Any of:
object
key
additional properties

429

Section titled “429 ”

Rate limit exceeded.

object
error
required
object
code
required
string
message
required
string
details
Any of:
object
key
additional properties