Create Access Token
Overview
The CreateAccessToken RPC generates a short-lived authentication token for connector API access. These tokens expire quickly (typically 1 hour) and can be safely used in client applications without exposing your main API credentials.
Business Use Case: When building client-side payment flows (browser checkout, mobile apps), you need to give clients limited access to the payment processor without exposing your full API keys. This RPC generates temporary tokens that clients can use for operations like card tokenization.
Purpose
Why use short-lived access tokens?
Browser checkout
API keys exposed in JavaScript
Temporary token with limited scope
Mobile apps
API keys in app bundle
Token generated per session
Third-party integrations
Full API access granted
Scoped token with expiration
Key outcomes:
Temporary access token (1 hour typical)
Limited scope permissions
Safe for client-side use
Automatic expiration
Request Fields
merchant_access_token_id
string
Yes
Your unique token reference
connector
Connector
Yes
Target connector (STRIPE, ADYEN, etc.)
metadata
SecretString
No
Additional metadata for the connector
connector_feature_data
SecretString
No
Connector-specific metadata
test_mode
bool
No
Generate test/sandbox token
Response Fields
access_token
SecretString
The access token string (e.g., "pk_live_...")
token_type
string
Token type (e.g., "Bearer", "Basic")
expires_in_seconds
int64
Expiration timestamp (Unix epoch)
status
OperationStatus
Status of token creation
error
ErrorInfo
Error details if creation failed
status_code
uint32
HTTP-style status code
merchant_access_token_id
string
Your token reference (echoed back)
Example
Request (grpcurl)
Response
Next Steps
CreateSessionToken - Create session tokens for payment flows
CreateSdkSessionToken - Initialize wallet payment sessions
Last updated
Was this helpful?