Skip to main content
POST
/
access-tokens
Issue a new access token.
curl --request POST \
  --url https://aws.s2.dev/v1/access-tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "id": "<string>",
  "scope": {
    "access_tokens": {
      "exact": "<string>"
    },
    "basins": {
      "exact": "<string>"
    },
    "op_groups": {
      "account": {
        "read": false,
        "write": false
      },
      "basin": {
        "read": false,
        "write": false
      },
      "stream": {
        "read": false,
        "write": false
      }
    },
    "ops": [
      "list-basins"
    ],
    "streams": {
      "exact": "<string>"
    }
  }
}
'
{
  "access_token": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://s2.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Access token concepts

Review token scopes, permissions, expiry, and revocation behavior.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your access token.

Body

application/json
id
string
required

Access token ID. It must be unique to the account and between 1 and 96 bytes in length.

Required string length: 1 - 96
scope
object
required

Access token scope.

auto_prefix_streams
boolean
default:false

Namespace streams based on the configured stream-level scope, which must be a prefix. Stream name arguments will be automatically prefixed, and the prefix will be stripped when listing streams.

expires_at
string<date-time> | null

Expiration time in RFC 3339 format. If not set, the expiration will be set to that of the requestor's token.

Response

access_token
string
required

Created access token.