const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  access_token: 'eyJ...',
  required_scopes: ['write:users'],
};

client.m2m
  .authenticateToken(params)
  .then((resp) => {
    console.log(resp);
  })
  .catch((err) => {
    console.log(err);
  });

{
    "client_id": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
    "scopes": ["read:users","write:users"],
    "custom_claims": {
        "contact_email": "notice@example.com"
    }
}
M2M access tokens are JWTs signed with the project’s JSON Web Keys, and can be validated locally using any Stytch client library. You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions.
This method is only available via our backend SDKs.

Body

access_token (string, required)
The access token granted to the client. Access tokens are JWTs signed with the project’s JWKS.
required_scopes (array[string])
The set of scopes this token is expected to contain. If the token is missing any of the scopes passed in, an error is returned.
max_token_age (number)
The maximum allowed age of the JWT. M2M tokens are valid for one hour by default, but you can require a more-recent JWT on sensitive routes.
clock_tolerance_seconds (number)
The clock tolerance to use during token verification. This can help with clock drift issues.

Response

client_id (string)
The ID of the M2M Client the token was issued to.
scopes (array[string])
The complete set of scopes contained within the access token.
custom_claims (object)
Any additional custom claims that were found within the JWT. Custom claims can be generated from an M2M Client’s metadata by using a JWT Template configured in the Dashboard.
request_id (string)
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code (number)
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
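
To make the local checks behind required_scopes, max_token_age and clock_tolerance_seconds concrete, here is an added example that is not Stytch's SDK code: a stand-alone RS256 verifier run against a constructed key pair and token. The names verifyM2MToken and signToken, the "sub" and "scope" claim layout, and treating max_token_age as seconds counted from "iat" are assumptions made for this illustration.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Constructed key pair standing in for one of the project's JWKS signing keys.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Test helper: mint an RS256 JWT with the constructed private key.
function signToken(claims) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify signature first, then time claims, then scopes. Throws on any failure.
function verifyM2MToken(token, key, opts = {}) {
  const { required_scopes = [], max_token_age, clock_tolerance_seconds = 0 } = opts;
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = decode(p); // only parsed after the signature checks out
  if (typeof claims.exp !== 'number' || now > claims.exp + clock_tolerance_seconds) {
    throw new Error('token expired');
  }
  if (max_token_age !== undefined) {
    // Assumption: max_token_age is in seconds, measured from the iat claim.
    if (typeof claims.iat !== 'number' || now - claims.iat > max_token_age + clock_tolerance_seconds) {
      throw new Error('token too old');
    }
  }
  // Assumption: scopes travel as a space-delimited "scope" claim, client ID as "sub".
  const scopes = String(claims.scope ?? '').split(' ').filter(Boolean);
  const missing = required_scopes.filter((r) => !scopes.includes(r));
  if (missing.length) throw new Error(`missing scopes: ${missing.join(' ')}`);
  return { client_id: claims.sub, scopes };
}

// Constructed sample: token issued two minutes before NOW, valid for one hour.
const NOW = 1700000000;
const sampleToken = signToken({ sub: 'm2m-client-test-example', scope: 'read:users write:users', iat: NOW - 120, exp: NOW + 3480 });
console.log(verifyM2MToken(sampleToken, publicKey, { required_scopes: ['write:users'], now: NOW }));
```

Scope and age checks run only after the signature verifies, so a payload edited to add scopes is rejected before its claims are read.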