Exchange Logto token for custom JWT

POST /auth/exchange

Exchange a Logto access token for a custom JWT with embedded permissions

application/json

Body Required

  • access_token string Required

    Logto access token to exchange

Responses

  • 200 application/json

    Token exchange successful

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object
      Hide data attributes Show data attributes object
      • token string

        JWT access token (24h)

      • refresh_token string

        Refresh token (7 days)

      • expires_in integer

        Token expiration time in seconds

      • user object
        Hide user attributes Show user attributes object
        • id string

          User ID

        • logto_id string | null

          Logto user ID

        • username string

          Username

        • email string(email)

          User email address

        • name string

          Full name

        • phone string | null

          Phone number

        • user_roles array[string]

          User role names

        • user_role_ids array[string]

          User role IDs

        • user_permissions array[string]

          User permissions from roles

        • org_role string

          Organization role name

        • org_role_id string

          Organization role ID

        • org_permissions array[string]

          Organization permissions

        • organization_id string

          Organization ID

        • organization_name string

          Organization name
  • 400 application/json

    Bad request - validation error

    Hide response attributes Show response attributes object
    • code integer

      HTTP error code

    • message string

      Error message

    • data object
      Hide data attributes Show data attributes object
      • type string

        Type of error

        Values are validation_error or external_api_error.

      • errors array[object]
        Hide errors attributes Show errors attributes object
        • key string

          Field name that failed validation

        • message string

          Error code or message

        • value string

          Value that failed validation

      • details

        Additional error details
  • 401 application/json

    Unauthorized - invalid or missing token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
POST /auth/exchange 
curl \
 --request POST 'https://collect.your-domain.com/api/auth/exchange' \
 --header "Content-Type: application/json" \
 --data '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."}'
Request examples 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Response examples (200) 
{
  "code": 200,
  "message": "token exchange successful",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 86400,
    "user": {
      "id": "user_123456789",
      "logto_id": "user_abc123def456",
      "username": "john.doe",
      "email": "john@example.com",
      "name": "John Doe",
      "phone": "+39 333 123456",
      "user_roles": [
        "Admin"
      ],
      "user_role_ids": [
        "rol_admin_id_123"
      ],
      "user_permissions": [
        "destroy:systems",
        "manage:systems",
        "read:systems"
      ],
      "org_role": "Owner",
      "org_role_id": "org_rol_owner_456",
      "org_permissions": [
        "create:distributors",
        "manage:distributors"
      ],
      "organization_id": "org_123",
      "organization_name": "ACME Distribution"
    }
  }
}
Response examples (400) 
{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}