Skip to main content
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

const params = {
  access_token: 'eyJ...',
  required_scopes: ['write:users'],
};

client.m2m
  .authenticateToken(params)
  .then((resp) => {
    console.log(resp);
  })
  .catch((err) => {
    console.log(err);
  });

package main

import (
  "context"
  "log"

  "github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
  "github.com/stytchauth/stytch-go/v9/stytch/consumer/m2m"
)

func main() {
  client, err := stytchapi.NewClient(
    "PROJECT_ID",
    "SECRET",
  )
  if err != nil {
    log.Fatalf("error instantiating API client %s", err)
  }

  resp, err := client.M2M.AuthenticateToken(
    context.Background(),
    &m2m.AuthenticateTokenParams{
      AccessToken: "eyJ...",
      RequiredScopes: []string{"write:users"},
    }
  )
  if err != nil {
    log.Println(err)
  }

  log.Println(resp)
}

from stytch import Client

client = Client(
    project_id="PROJECT_ID",
    secret="SECRET",
)

resp = client.m2m.authenticate_token(
    access_token="eyJ...",
    required_scopes=["read:users", "write:users"]
)

print(resp)
require 'stytch'

client = Stytch::Client.new(
    project_id: "PROJECT_ID",
    secret: "SECRET"
)

resp = client.m2m.authenticate_token(
    access_token: "eyJ...",
    required_scopes: ["read:users", "write:users"]
)
puts resp
# This is a custom method that doesn't directly hit an API endpoint, so it's only available in our SDKs.
{
    "client_id": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
    "scopes": ["read:users","write:users"],
    "custom_claims": {
        "contact_email": "notice@example.com"
    }
}
{
  "status_code": 404,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "m2m_client_not_found",
  "error_message": "The m2m client requested could not be found.",
  "error_url": "https://stytch.com/docs/api/errors/404"
}
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

const params = {
  access_token: 'eyJ...',
  required_scopes: ['write:users'],
};

client.m2m
  .authenticateToken(params)
  .then((resp) => {
    console.log(resp);
  })
  .catch((err) => {
    console.log(err);
  });

package main

import (
  "context"
  "log"

  "github.com/stytchauth/stytch-go/v9/stytch/consumer/stytchapi"
  "github.com/stytchauth/stytch-go/v9/stytch/consumer/m2m"
)

func main() {
  client, err := stytchapi.NewClient(
    "PROJECT_ID",
    "SECRET",
  )
  if err != nil {
    log.Fatalf("error instantiating API client %s", err)
  }

  resp, err := client.M2M.AuthenticateToken(
    context.Background(),
    &m2m.AuthenticateTokenParams{
      AccessToken: "eyJ...",
      RequiredScopes: []string{"write:users"},
    }
  )
  if err != nil {
    log.Println(err)
  }

  log.Println(resp)
}

from stytch import Client

client = Client(
    project_id="PROJECT_ID",
    secret="SECRET",
)

resp = client.m2m.authenticate_token(
    access_token="eyJ...",
    required_scopes=["read:users", "write:users"]
)

print(resp)
require 'stytch'

client = Stytch::Client.new(
    project_id: "PROJECT_ID",
    secret: "SECRET"
)

resp = client.m2m.authenticate_token(
    access_token: "eyJ...",
    required_scopes: ["read:users", "write:users"]
)
puts resp
# This is a custom method that doesn't directly hit an API endpoint, so it's only available in our SDKs.
{
    "client_id": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
    "scopes": ["read:users","write:users"],
    "custom_claims": {
        "contact_email": "notice@example.com"
    }
}
{
  "status_code": 404,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "m2m_client_not_found",
  "error_message": "The m2m client requested could not be found.",
  "error_url": "https://stytch.com/docs/api/errors/404"
}
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}
M2M access tokens are JWTs signed with the project’s JSON Web Keys, and can be validated locally using any Stytch client library. You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions.
This method is only available via our backend SDKs.

Body

access_token
string
required
The access token granted to the client. Access tokens are JWTs signed with the project’s JWKS.
required_scopes
array[string]
The set of scopes this token is expected to contain. If the token is missing any of the scopes passed in, an error is returned.
max_token_age
number
The maximum allowed age of the JWT. M2M tokens are valid for one hour by default, but you can require a more-recent JWT on sensitive routes.
clock_tolerance_seconds
number
The clock tolerance to use during token verification. This can help with clock drift issues.

Response

client_id
string
The ID of the M2M Client the token was issued to.
scopes
array[string]
The complete set of scopes contained within the access token.
custom_claims
object
Any additional custom claims that were found within the JWT. Custom claims can be generated from an M2M Client’s metadata by using a JWT Template configured in the Dashboard.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.