vercel-logotype Logovercel-logotype Logo
authentication
Reference

Authentication

Create an Auth Token

post/v3/user/tokens

Creates and returns a new authentication token for the currently authenticated User. The bearerToken property is only provided once, in the response body, so be sure to save it on the client for use with API requests.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v3/user/tokens?slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2
  "body": {
3
    "name": "SOME_STRING_VALUE",
4
    "expiresAt": "SOME_NUMBER_VALUE"
5
  },
6
  "headers": {
7
    "Authorization": "Bearer <TOKEN>"
8
  },
9
  "method": "post"
10
})

Parameters

Query ParameterDescription

slug

string

The Team slug to perform the request on behalf of.

teamId

string

The Team identifier to perform the request on behalf of.

Response

Successful response.

  • bearerTokenstringRequired
    The authentication token's actual value. This token is only provided in this response, and can never be retrieved again in the future. Be sure to save it somewhere safe!

    Example: uRKJSTt0L4RaSkiMj41QTkxM

  • tokenRequired

Response Codes

CodeDescription
200Successful response.
400One of the provided values in the request body is invalid.
401
403You do not have permission to access this resource.

Delete an authentication token

delete/v3/user/tokens/{tokenId}

Invalidate an authentication token, such that it will no longer be valid for future HTTP requests.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v3/user/tokens/5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391", {
2
  "headers": {
3
    "Authorization": "Bearer <TOKEN>"
4
  },
5
  "method": "delete"
6
})

Parameters

Path ParameterDescription

tokenId

string

required
The identifier of the token to invalidate. The special value "current" may be supplied, which invalidates the token that the HTTP request was authenticated with.
Example:5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391

Response

Authentication token successfully deleted.

  • tokenIdstringRequired
    The unique identifier of the token that was deleted.

    Example: 5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391

Response Codes

CodeDescription
200Authentication token successfully deleted.
400One of the provided values in the request query is invalid.
401
403You do not have permission to access this resource.
404Token not found with the requested tokenId.

SSO Token Exchange

post/v1/integrations/sso/token

During the autorization process, Vercel sends the user to the provider redirectLoginUrl, that includes the OAuth authorization code parameter. The provider then calls the SSO Token Exchange endpoint with the sent code and receives the OIDC token. They log the user in based on this token and redirects the user back to the Vercel account using deep-link parameters included the redirectLoginUrl. This is used to verify the identity of the user during the Open in Provider flow. Providers should not persist the returned id_token in a database since the token will expire.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v1/integrations/sso/token", {
2
  "body": {
3
    "client_id": "SOME_STRING_VALUE",
4
    "client_secret": "SOME_STRING_VALUE",
5
    "code": "SOME_STRING_VALUE",
6
    "redirect_uri": "SOME_STRING_VALUE",
7
    "state": "SOME_STRING_VALUE"
8
  },
9
  "headers": {
10
    "Authorization": "Bearer <TOKEN>"
11
  },
12
  "method": "post"
13
})

Parameters

Body ParameterDescription

client_id

string

required
The integration client id

client_secret

string

required
The integration client secret

code

string

required
The sensitive code received from Vercel

redirect_uri

string

The integration redirect URI

state

string

The state received from the initialization request

Response

  • access_tokenRequired
  • id_tokenstringRequired
  • token_typeRequired

Response Codes

CodeDescription
200
400One of the provided values in the request body is invalid.
404
500

Get Auth Token Metadata

get/v5/user/tokens/{tokenId}

Retrieve metadata about an authentication token belonging to the currently authenticated User.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v5/user/tokens/5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391", {
2
  "headers": {
3
    "Authorization": "Bearer <TOKEN>"
4
  },
5
  "method": "get"
6
})

Parameters

Path ParameterDescription

tokenId

string

required
The identifier of the token to retrieve. The special value "current" may be supplied, which returns the metadata for the token that the current HTTP request is authenticated with.
Example:5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391

Response

Successful response.

  • tokenRequired

Response Codes

CodeDescription
200Successful response.
400One of the provided values in the request query is invalid.
401
403You do not have permission to access this resource.
404Token not found with the requested tokenId.

List Auth Tokens

get/v5/user/tokens

Retrieve a list of the current User's authentication tokens.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v5/user/tokens", {
2
  "headers": {
3
    "Authorization": "Bearer <TOKEN>"
4
  },
5
  "method": "get"
6
})

Parameters

Response

  • paginationRequired
  • testingToken
  • tokensarrayRequired

Response Codes

CodeDescription
200
400
401
403You do not have permission to access this resource.
Last updated on January 20, 2025
Previous
Upload a cache artifact
Next
Create an Auth Token