Mint a per-user app session token for a login-required deep-agent artifact
Mints a per-user app token for the signed-in viewer opening a login-required deep-agent artifact. Authed as the b3 user; the viewer's id + active org come from the auth context, not the body. The server resolves the artifact's org from the :appId (deep-agent run id), verifies the workflow is in it and the viewer is acting within it, then signs a token carrying the viewer's id.
POST
/v1/app-gateway/{appId}/session
Mints a per-user app token for the signed-in viewer opening a login-required deep-agent artifact. Authed as the b3 user; the viewer's id + active org come from the auth context, not the body. The server resolves the artifact's org from the :appId (deep-agent run id), verifies the workflow is in it and the viewer is acting within it, then signs a token carrying the viewer's id.
Path Parameters
appId
string
required
path
Deep-agent run id (app id)
Request Body required
Viewer token mint params
application/jsonOne of:
Option 1
Option 2
workflowId
string
Responses
200
OK
application/jsonexp
string
token
string
401
Unauthorized
403
Forbidden
404
Not Found
curl -X POST 'https://api.example.com/v1/app-gateway/string/session' \ -H 'Authorization: Bearer YOUR_API_TOKEN' \ -H 'Content-Type: application/json' \ -d '{}'
const response = await fetch('https://api.example.com/v1/app-gateway/string/session', { method: 'POST', headers: { "Authorization": "Bearer YOUR_API_TOKEN", "Content-Type": "application/json" }, body: JSON.stringify({})});const data = await response.json();console.log(data);
import requestsheaders = { 'Authorization': 'Bearer YOUR_API_TOKEN'}response = requests.post('https://api.example.com/v1/app-gateway/string/session', headers=headers, json={})print(response.json())
package mainimport ( "fmt" "io" "net/http" "strings")func main() { body := strings.NewReader(`{}`) req, _ := http.NewRequest("POST", "https://api.example.com/v1/app-gateway/string/session", body) req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN") req.Header.Set("Content-Type", "application/json") resp, _ := http.DefaultClient.Do(req) defer resp.Body.Close() result, _ := io.ReadAll(resp.Body) fmt.Println(string(result))}
200
Response
{ "exp": "<string>", "token": "<string>"}
API Playground
Try this endpoint
POST
/v1/app-gateway/{appId}/session
