Limited availability Creates a short-lived bearer token for you as a delegate user to run API operations on a specific child account. The token inherits the permissions set by a child account admin for your delegate user. Your username as the delegate user follows the specific naming convention:
<Delegate-Parent account usernaname>-<SHA256 hash of parent `company` name and child account `euuId`>These variables only use the first 15 and 16 characters of these values, respectively.
The API returns the raw token in the response. You can't get it again, so be sure to store it.
Example workflow:
- List child accounts and store the
euuidfor the applicable one. - Run this operation and store the
tokenthat's created for the delegate user. - Run operations on the child account using the stored
tokento authenticate API operations.
Prerequisite:
To manage a child account, you need to be added by a parent account admin to the account delegation for the specific child account. An account delegation is a group of parent account users, either admin or non-admin, delegated to manage a specific child account. To learn more about the parent and child accounts feature and account delegations, see Parent and child accounts.
Parent and child accounts featureThis operation is available only within the context of the parent and child account feature and can be run only on a parent account.
Permissions and scopes
To call this operation, you need permissions, based on the model you're using:
- Identity and access permissions. Your user needs a role with these permissions. Learn more.
- Permissions:
create_child_account_token
- Permissions: