Reference
post/v3/user/tokens

Creates and returns a new authentication token for the currently authenticated User. The bearerToken property is only provided once, in the response body, so be sure to save it on the client for use with API requests.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v3/user/tokens?slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2
"body": {
3
"name": "SOME_STRING_VALUE",
4
"expiresAt": "SOME_NUMBER_VALUE"
5
},
6
"headers": {
7
"Authorization": "Bearer <TOKEN>"
8
},
9
"method": "post"
10
})
Query ParameterDescription

slug

string

The Team slug to perform the request on behalf of.

teamId

string

The Team identifier to perform the request on behalf of.

Successful response.

  • bearerTokenstringRequired
    The authentication token's actual value. This token is only provided in this response, and can never be retrieved again in the future. Be sure to save it somewhere safe!

    Example: uRKJSTt0L4RaSkiMj41QTkxM

  • tokenRequired
CodeDescription
200Successful response.
400One of the provided values in the request body is invalid.
401
403You do not have permission to access this resource.
delete/v3/user/tokens/{tokenId}

Invalidate an authentication token, such that it will no longer be valid for future HTTP requests.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v3/user/tokens/5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391", {
2
"headers": {
3
"Authorization": "Bearer <TOKEN>"
4
},
5
"method": "delete"
6
})
Path ParameterDescription

tokenId

string

required
The identifier of the token to invalidate. The special value "current" may be supplied, which invalidates the token that the HTTP request was authenticated with.
Example:5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391

Authentication token successfully deleted.

  • tokenIdstringRequired
    The unique identifier of the token that was deleted.

    Example: 5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391

CodeDescription
200Authentication token successfully deleted.
400One of the provided values in the request query is invalid.
401
403You do not have permission to access this resource.
404Token not found with the requested tokenId.
post/v1/integrations/sso/token

During the autorization process, Vercel sends the user to the provider redirectLoginUrl, that includes the OAuth authorization code parameter. The provider then calls the SSO Token Exchange endpoint with the sent code and receives the OIDC token. They log the user in based on this token and redirects the user back to the Vercel account using deep-link parameters included the redirectLoginUrl. This is used to verify the identity of the user during the Open in Provider flow. Providers should not persist the returned id_token in a database since the token will expire.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v1/integrations/sso/token", {
2
"body": {
3
"client_id": "SOME_STRING_VALUE",
4
"client_secret": "SOME_STRING_VALUE",
5
"code": "SOME_STRING_VALUE",
6
"redirect_uri": "SOME_STRING_VALUE",
7
"state": "SOME_STRING_VALUE"
8
},
9
"headers": {
10
"Authorization": "Bearer <TOKEN>"
11
},
12
"method": "post"
13
})
Body ParameterDescription

client_id

string

required
The integration client id

client_secret

string

required
The integration client secret

code

string

required
The sensitive code received from Vercel

redirect_uri

string

The integration redirect URI

state

string

The state received from the initialization request
  • access_tokenRequired
  • id_tokenstringRequired
  • token_typeRequired
CodeDescription
200
400One of the provided values in the request body is invalid.
404
500
get/v5/user/tokens/{tokenId}

Retrieve metadata about an authentication token belonging to the currently authenticated User.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v5/user/tokens/5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391", {
2
"headers": {
3
"Authorization": "Bearer <TOKEN>"
4
},
5
"method": "get"
6
})
Path ParameterDescription

tokenId

string

required
The identifier of the token to retrieve. The special value "current" may be supplied, which returns the metadata for the token that the current HTTP request is authenticated with.
Example:5d9f2ebd38ddca62e5d51e9c1704c72530bdc8bfdd41e782a6687c48399e8391

Successful response.

  • tokenRequired
CodeDescription
200Successful response.
400One of the provided values in the request query is invalid.
401
403You do not have permission to access this resource.
404Token not found with the requested tokenId.
get/v5/user/tokens

Retrieve a list of the current User's authentication tokens.

Optional params

fetch-request

1
await fetch("https://api.vercel.com/v5/user/tokens", {
2
"headers": {
3
"Authorization": "Bearer <TOKEN>"
4
},
5
"method": "get"
6
})
  • paginationRequired
  • testingToken
  • tokensarrayRequired
CodeDescription
200
400
401
403You do not have permission to access this resource.
Last updated on January 15, 2025