API:2/createsubtoken
From Guild Wars 2 Wiki
< API:2
Jump to navigationJump to search
/v2/createsubtoken
- HTTP method
- GET
- Format
- json
- API version
- version 2
- Release date
- 2019-05-20
- Scope
- account
- Optional
- none
This resource allows for the creation of Subtokens; essentially API keys with a more limited set of permissions, which can be used as a substitute for them.
Parameters
access_token- (optional) If the API key is not specified in the request header, it can be specified here.expire- An ISO-8601 datetime specifing when the generated Subtoken will expire. The token expiry date may not exceed one year from creation - attempting to specify a longer expiry date will result in the expiry being clamped at one year.permissions- A comma separated list of permissions to inherit.- Unrecognized permissions as well as permissions that are specified but are not granted to the API Key used in the Request are silently ignored.
- v2/tokeninfo may be queried for a list of avaiable choices to use for a given API key.
urls- (optional) A comma separated list of Endpoints that will be accessible using this Subtoken.- If no Endpoints are specified all Endpoints, not otherwise limited by 'permissions', will be accessible.
Response
subtoken(string) - A JSON Web Token which can be used like an API key but only with the requested limitations.
Examples
Request
https://api.guildwars2.com/v2/createsubtoken?expire=2019-05-23T10:00:00+02:00&permissions=account Authorization: Bearer <access token>
Response
{
"subtoken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJreDRIWmhNMjQtZkhvVXIwbHZlZGxWVnRIWUIxQzh1emhlUjROOElSM2NjIiwiaWF0IjoxNTU4NTk3OTkxLCJleHAiOjE1NTg1OTg0MDAsInBlcm1pc3Npb25zIjpbImFjY291bnQiXX0._Ya5wUDuhTUdxunay01vs1BXOIvd_U3m94RzHAex8cU"
}
Request
https://api.guildwars2.com/v2/createsubtoken?expire=2019-05-23T11:20:42+02:00&permissions=account,inventories&urls=/v2/account/bank,/v2/account/inventory Authorization: Bearer <access token>
Response
{
"subtoken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiItT2V3LThjZkYtX2s5a1ZBM1dCZnVpWkhaT1AzSU1pSHA1cEVXZjNuZTJjIiwiaWF0IjoxNTU4NjAzMTA1LCJleHAiOjE1NTg2MDMyNDIsInBlcm1pc3Npb25zIjpbImFjY291bnQiLCJpbnZlbnRvcmllcyJdLCJ1cmxzIjpbIi92Mi9hY2NvdW50L2JhbmsiLCIvdjIvYWNjb3VudC9pbnZlbnRvcnkiXX0.vLvKn8Arn0dlp4i-VR9S5bukm_sMDhLVT-5VXzc9bSg"
}
Notes
- If the API Key used to create a Subtoken is deleted it too will be invalid.
- It is possible to use a Subtoken to create other Subtokens.
- Unlike with API Keys it is possible to create a Subtoken without the 'account' Scope, though doing so will effectively render it useless.
