Exchange an approved sign-in for a token

{ "_links": { "self": { "href": "/v0/cli/personal-access-tokens" }, "tokens": { "href": "/v0/cli/personal-access-tokens" } }, "expires_at": 1735689600000, "token": "cli_...plaintext...shown-once", "token_type": "bearer" }

Headers

X-Timestamp-Format

string

Controls how timestamp fields are serialized in JSON response bodies.

Default (header omitted or any other value): epoch milliseconds as integers. iso8601: UTC ISO 8601 strings of the form YYYY-MM-DDTHH:MM:SSZ.

Example: with X-Timestamp-Format: iso8601, the field value 1704067200000 becomes "2024-01-01T00:00:00Z".

Affected fields (recursively, in dicts and arrays): any field whose name ends in _at, plus the literal field names timestamp, period_start, and period_end. All other fields are passed through unchanged.

Only iso8601 is recognized. Any other value (or omitting the header) yields the default epoch-ms representation; the server does not reject unknown values, so this is documented as an example rather than an enum to keep generated clients permissive.

Example:

"iso8601"

Body

application/json

Body for POST /v0/cli/personal-access-tokens.

Carries the approved device code (the CLI's bearer secret from the create step) to trade for a personal access token. Single-use.

device_code

string

required

The approved device code returned when the sign-in was started.

Required string length: 1 - 512

Response

Token issued

The minted personal access token, returned exactly once at exchange time.

_links

Links · object

required

HAL-style hypermedia links for navigation and available actions.

Show child attributes

token

string

required

Plaintext personal access token. Returned only here, once.

expires_at

integer

required

Token expiry timestamp (epoch ms).

token_type

string

default:bearer

Token type — always 'bearer'.