Last Updated: 12/17/2025
title: Handler Auth covers:
- ‘openapi:SrcRoutesAuthService_handler’ tags:
- api
- handler
- auth description: API reference for Handler Auth
Handler Auth
Overview
This endpoint generates authentication tokens for users. It creates a cryptographically secure random token that expires after one hour.
Operation ID: SrcRoutesAuthService_handler
Request
HTTP Method
POST /auth/tokenParameters
None
Request Body
The request body must be JSON with the following structure:
| Field | Type | Required | Description |
|---|---|---|---|
userId | string | Yes | The unique identifier for the user requesting a token |
Schema:
{
"userId": "string"
}Response
Success Response
Status Code: 200 OK
Response Body:
| Field | Type | Description |
|---|---|---|
token | string | A 64-character hexadecimal authentication token |
expiresInSeconds | number | Token expiration time in seconds (3600 = 1 hour) |
Schema:
{
"token": "string",
"expiresInSeconds": 3600
}Error Responses
Status Code: 400 Bad Request
Returned when the userId field is missing from the request body.
Response Body:
{
"error": "userId is required"
}Examples
Request Example
curl -X POST https://api.example.com/auth/token \
-H "Content-Type: application/json" \
-d '{"userId": "user123"}'Response Example
Success Response:
{
"token": "a3f5c8e9d2b1f4a7c6e8d9f0b2c4e6a8b9d0f1c2e3f4a5b6c7d8e9f0a1b2c3d4",
"expiresInSeconds": 3600
}Error Response:
{
"error": "userId is required"
}Notes
- The token is generated using
crypto.randomBytes(32)and encoded as a 64-character hexadecimal string, providing 256 bits of entropy - Tokens expire after 3600 seconds (1 hour)
- No authentication is required to call this endpoint
- The endpoint does not validate the
userIdformat or check if the user exists - Token storage and validation must be handled separately by the consuming application