Create a token policy

Call the /config/tokenPolicies operation using the POST method to create or modify a token policy for your Hosted Login implementation.

Akamai issues you a pair of token policies: one for your public client and one for your confidential client. These might be the only policies you need: multiple clients can share the same token policy. However, you will have to modify these policies (or create additional policies) if you:

  • Want to use different scopes for different sets of users.
  • Want to use different access token and refresh token time-to-live values for different sets of users.
  • Want to use opaque access tokens for some users and JWT access tokens for other users.

When configuring Bearer token authorization for this call, use the configuration token you provisioned in Get an administrative access token.


Request template

curl -X POST \
https://v1.api.<region>.janrain.com/<customer-id>/config/tokenPolicies \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "accessTokenLifetime": <lifetime-in-seconds>,
  "allowedScopes": [
    "<scope>",
    "<scope>",
    ...
  ],
  "refreshTokenLifetime": <lifetime-in-seconds>,
  "title": "<new-token-policy-name>", 
  "useAccessJWT": true
}'

Example request

curl -X POST \
https://v1.api.us.janrain.com/12345678-1234-1234-1234-123456789012/config/tokenPolicies \
  -H 'Authorization: Bearer 123abc456...def789ghi' \
  -H 'Content-Type: application/json' \
  -d '{
  "accessTokenLifetime": 3600,
  "allowedScopes": [
    "openid",
    "profile",
    "email",
    "address",
    "phone"
  ],
  "refreshTokenLifetime": 36000,
  "title": "Property 1 Token Policy",
  "useAccessJWT": true
}'

Example response

"a123bcde-4f56-7890-gh12-i34j567k8l90"

The response contains the ID of the token policy you just created. If you want to review the full token policy you just created, call the /config/tokenPolicies/{tokenPolicyId} operation using the GET method.
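The request and response handling above, as an added example script that is not part of the original page or Akamai's own code: it builds the policy body with input checks, sends the configuration token through a curl config read from stdin so it stays out of the process list, and unwraps the quoted policy ID. The function names and the CONFIG_TOKEN, REGION and CUSTOMER_ID environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not Akamai's code. Assumed names: CONFIG_TOKEN, REGION, CUSTOMER_ID
# (environment variables) and all three function names.

# Print the JSON body. Args: title, access TTL, refresh TTL, useAccessJWT, scopes...
build_policy_body() {
  [ $# -ge 4 ] || { echo "usage: title access_ttl refresh_ttl true|false [scope...]" >&2; return 1; }
  local title="$1" access_ttl="$2" refresh_ttl="$3" use_jwt="$4" scopes="" n s
  shift 4
  # The JSON is assembled by hand, so reject anything that could break out of a string.
  case $title in ''|*'"'*|*'\'*|*[[:cntrl:]]*) echo "invalid title" >&2; return 1;; esac
  for n in "$access_ttl" "$refresh_ttl"; do
    case $n in ''|*[!0-9]*) echo "lifetimes are whole seconds" >&2; return 1;; esac
  done
  case $use_jwt in true|false) ;; *) echo "useAccessJWT is true or false" >&2; return 1;; esac
  for s in "$@"; do
    # Conservative character set chosen for this example, not an API rule.
    case $s in ''|*[!A-Za-z0-9_:.-]*) echo "invalid scope: $s" >&2; return 1;; esac
    scopes="${scopes:+$scopes,}\"$s\""
  done
  printf '{"accessTokenLifetime":%s,"allowedScopes":[%s],"refreshTokenLifetime":%s,"title":"%s","useAccessJWT":%s}\n' \
    "$access_ttl" "$scopes" "$refresh_ttl" "$title" "$use_jwt"
}

# The response is a bare JSON string; strip its quotes, fail on anything else.
parse_policy_id() {
  local id
  case $1 in
    \"?*\") id=${1#?}; printf '%s\n' "${id%?}" ;;
    *) echo "unexpected response: $1" >&2; return 1 ;;
  esac
}

# POST the body. printf is a builtin in bash and dash, so the token reaches curl
# through stdin (--config -) and never appears in any process's argument list.
create_token_policy() {
  local body response
  : "${CONFIG_TOKEN:?set CONFIG_TOKEN}"
  body=$(build_policy_body "$@") || return 1
  response=$(printf 'header = "Authorization: Bearer %s"\n' "$CONFIG_TOKEN" |
    curl --silent --show-error --fail --config - -X POST \
      "https://v1.api.${REGION}.janrain.com/${CUSTOMER_ID}/config/tokenPolicies" \
      -H 'Content-Type: application/json' --data "$body") || return 1
  parse_policy_id "$response"
}

# Constructed sample policies differing in scopes, lifetimes and token type (no network call).
build_policy_body "Short-lived JWT policy" 900 3600 true openid profile
build_policy_body "Opaque token policy" 3600 36000 false openid email
```

To send a request, export the three variables and call create_token_policy with the same arguments as build_policy_body; it prints the new policy ID.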