# POST /api/v1/tokens

> Create token

- **Tag:** api-tokens
- **Operation ID:** `create_token_api_v1_tokens_post`

## Description

Create a new API token

## Authentication

Bearer token in `Authorization` header.
Required header: `x-business-id: <business uuid>`.

## Request body

Schema: `APITokenCreate`

- `name` (string · required) — Token name
- `description` (string) — Optional description
- `expires_in_days` (integer) — Expiration in days (1-365, default: 365)

## Responses

### 201 — Successful Response

Schema: `APITokenCreateResponse`

- `token` (string · required) — The JWT token - save it now, you won't see it again!
- `token_info` (APITokenResponse · required) → `APITokenResponse` — Token metadata
  - `id` (string · required) — Token record ID
  - `jti` (string · required) — Unique token identifier (JWT ID)
  - `name` (string) — Human-readable token name
  - `description` (string) — Optional token description
  - `token_prefix` (string · required) — First characters of the token for display (e.g. dz_abc...)
  - `token_type` (string) — Token type (always 'api')
  - `created_at` (string · date-time · required) — When the token was created
  - `last_used_at` (string · date-time) — Last time the token was used for authentication
  - `expires_at` (string · date-time) — When the token expires (null = never)
  - `revoked_at` (string · date-time) — When the token was revoked (null = active)
  - `revocation_reason` (string) — Reason the token was revoked

### 400 — Bad Request - Invalid input

### 401 — Unauthorized - Authentication required

### 403 — Forbidden - Insufficient permissions

### 422 — Validation Error

Schema: `HTTPValidationError`

- `detail` (array · ValidationError) → `ValidationError`
  - `loc` (array · string | integer · required)
  - `msg` (string · required)
  - `type` (string · required)
  - `input` (object)
  - `ctx` (object)

## Code samples

### cURL

```bash
curl -X POST 'https://api.ondayzero.com/api/v1/tokens' \
  -H 'Authorization: Bearer dz_your_token' \
  -H 'x-business-id: YOUR_BUSINESS_ID' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "string"
}'
```

### JavaScript

```javascript
const response = await fetch('https://api.ondayzero.com/api/v1/tokens', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer dz_your_token',
    'x-business-id': 'YOUR_BUSINESS_ID',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
  "name": "string"
}),
});
const data = await response.json();
```

### Python

```python
import httpx

headers = {
    "Authorization": "Bearer dz_your_token",
    "x-business-id": "YOUR_BUSINESS_ID",
}

payload = {
  "name": "string"
}

response = httpx.post("https://api.ondayzero.com/api/v1/tokens", headers=headers, json=payload)
data = response.json()
```

## See also

- HTML version: https://www.ondayzero.com/docs/reference/api-tokens/create-token
- OpenAPI slice: https://www.ondayzero.com/docs/reference/api-tokens/create-token/openapi.json
- Other endpoints in **api-tokens**: https://www.ondayzero.com/docs/reference/api-tokens