/auth/exchange - Exchange Logto token for custom JWT | my.nethesis.it API documentation

/auth/exchange - Exchange Logto token for custom JWT

Add MCP server to your AI tool

Allow AI tools and LLMs to interact with the API documentation portal through MCP.

MCP server URL


        
          
            https://api.my.nethesis.it/mcp

Standard setup for AI tools providing an mcp.json file

{
  "my.nethesis.it MCP server": {
    "url": "https://api.my.nethesis.it/mcp"
  }
}

POST /auth/exchange

Exchange a Logto access token for a custom JWT with embedded permissions

application/json

Body Required

access_token string Required

Logto access token to exchange

Responses

200 application/json

Token exchange successful
Hide response attributes Show response attributes object
- code integer
- message string
- data object
  
  Hide data attributes Show data attributes object
  
  token string
  
  JWT access token (24h)
  
  refresh_token string
  
  Refresh token (7 days)
  
  expires_in integer
  
  Token expiration time in seconds
  
  user object
  
  Hide user attributes Show user attributes object
  
  id string
  
  User ID
  
  logto_id string | null
  
  Logto user ID
  
  username string
  
  Username
  
  email string(email)
  
  User email address
  
  name string
  
  Full name
  
  phone string | null
  
  Phone number
  
  user_roles array[string]
  
  User role names
  
  user_role_ids array[string]
  
  User role IDs
  
  user_permissions array[string]
  
  User permissions from roles
  
  org_role string
  
  Organization role name
  
  org_role_id string
  
  Organization role ID
  
  org_permissions array[string]
  
  Organization permissions
  
  organization_id string
  
  Organization ID
  
  organization_name string
  
  Organization name
400 application/json

Bad request - validation error
Hide response attributes Show response attributes object
- code integer
  
  HTTP error code
- message string
  
  Error message
- data object
  
  Hide data attributes Show data attributes object
  
  type string
  
  Type of error
  
  Values are validation_error or external_api_error.
  
  errors array[object]
  
  Hide errors attributes Show errors attributes object
  
  key string
  
  Field name that failed validation
  
  message string
  
  Error code or message
  
  value string
  
  Value that failed validation
  
  details
  
  Additional error details
401 application/json

Unauthorized - invalid or missing token
Hide response attributes Show response attributes object
- code integer
- message string
- data object | null

POST /auth/exchange

curl \
 --request POST 'https://collect.your-domain.com/api/auth/exchange' \
 --header "Content-Type: application/json" \
 --data '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."}'

Request examples

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Response examples (200)

{
  "code": 200,
  "message": "token exchange successful",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 86400,
    "user": {
      "id": "user_123456789",
      "logto_id": "user_abc123def456",
      "username": "john.doe",
      "email": "john@example.com",
      "name": "John Doe",
      "phone": "+39 333 123456",
      "user_roles": [
        "Admin"
      ],
      "user_role_ids": [
        "rol_admin_id_123"
      ],
      "user_permissions": [
        "destroy:systems",
        "manage:systems",
        "read:systems"
      ],
      "org_role": "Owner",
      "org_role_id": "org_rol_owner_456",
      "org_permissions": [
        "create:distributors",
        "manage:distributors"
      ],
      "organization_id": "org_123",
      "organization_name": "ACME Distribution"
    }
  }
}

Response examples (400)

{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}

Response examples (401)

{
  "code": 401,
  "message": "invalid token",
  "data": {}
}