Skip to main content

Creating Session Tokens

Session tokens are short-lived, user-scoped versions of an API key that grant limited access to the Warrant API for a single user. They must be generated server-side but can be shared with client applications to allow them to directly perform access control checks against the Warrant API. This guide will show you how to generate session tokens.


We recommend generating session tokens for your users during your login/sign-up flow. Once a token is generated, you can return it to your client application along with any other information required for your normal login/sign-up process.


Install the Warrant SDK for your server-side language

npm install @warrantdev/warrant-node

Create a Session Token#

The Warrant SDK allows you to easily create session tokens. Two things are required to create valid session tokens for your users:

  1. A valid API key
  2. The userId of the user the session token is being created for. This is the identifier you assigned for the user in Warrant (we recommend using the same identifier you use in your system).
Create a Session Token
curl "" \    -X POST \    -H "Authorization: ApiKey YOUR_KEY"