# Security

## Generate JWT tokens from custom claims

> Creates one or more JWT tokens with custom claims for advanced authentication scenarios.\
> \
> \## Use Cases\
> \- Testing and development\
> \- Service-to-service authentication\
> \- Custom identity workflows\
> \- Token migration scenarios\
> \
> \## Authorization\
> Requires \<c>AuthenticationToken.Write\</c> scope - restricted to authorized administrators and services.\
> \
> \## Validity Duration\
> \- Default: 10 years (3650.00:00:00.000)\
> \- Configurable via query parameter in TimeSpan format\
> \- Examples: \<c>1.00:00:00\</c> (1 day), \<c>30.00:00:00\</c> (30 days)\
> \
> \## Request Format\
> Accepts an array of claim sets, where each set generates one token:\
> \<c>\[\[{\\"type\\": \\"sub\\", \\"value\\": \\"user123\\"}, {\\"type\\": \\"email\\", \\"value\\": \\"<user@example.com>\\"}]]\</c>\
> \
> \## Security Warning\
> Generated tokens have full authentication authority. Protect endpoint access and token distribution carefully.

```json
{"openapi":"3.1.1","info":{"title":"Neostore internal API","version":"v1"},"tags":[{"name":"Security"}],"servers":[{"url":"https://app.neostore.cloud","description":"Production Server"},{"url":"https://app-qa.neostore.cloud","description":"Staging Server"}],"security":[{"admin-bearer":["ScopedAuthorizeRequirement"]},{"apiKey":["ScopedAuthorizeRequirement"]}],"components":{"securitySchemes":{"admin-bearer":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://auth.neostore.cloud/authorize?audience=https://app.neostore.cloud/api/","scopes":{}}}},"apiKey":{"type":"apiKey","name":"X-API-KEY","in":"header"}},"schemas":{"WebClaim":{"type":"object","properties":{"type":{"type":"string","description":"claim type"},"value":{"type":"string","description":"Value"},"valueType":{"type":["null","string"],"description":"optional value type"}},"additionalProperties":false,"description":"Claim to generate JWT token for"},"ProblemDetails":{"type":"object","properties":{"type":{"type":["null","string"]},"title":{"type":["null","string"]},"status":{"type":["null","integer"],"format":"int32"},"detail":{"type":["null","string"]},"instance":{"type":["null","string"]}},"additionalProperties":{}},"HttpValidationProblemDetails":{"type":"object","allOf":[{"$ref":"#/components/schemas/ProblemDetails"}],"properties":{"errors":{"type":"object","additionalProperties":{"type":"array","items":{"type":"string"}}}},"additionalProperties":{}}}},"paths":{"/api/{tenantId}/tokens/generate":{"post":{"tags":["Security"],"summary":"Generate JWT tokens from custom claims","description":"Creates one or more JWT tokens with custom claims for advanced authentication scenarios.\n\n## Use Cases\n- Testing and development\n- Service-to-service authentication\n- Custom identity workflows\n- Token migration scenarios\n\n## Authorization\nRequires <c>AuthenticationToken.Write</c> scope - restricted to authorized administrators and services.\n\n## Validity Duration\n- Default: 10 years (3650.00:00:00.000)\n- Configurable via query parameter in TimeSpan format\n- Examples: <c>1.00:00:00</c> (1 day), <c>30.00:00:00</c> (30 days)\n\n## Request Format\nAccepts an array of claim sets, where each set generates one token:\n<c>[[{\\\"type\\\": \\\"sub\\\", \\\"value\\\": \\\"user123\\\"}, {\\\"type\\\": \\\"email\\\", \\\"value\\\": \\\"user@example.com\\\"}]]</c>\n\n## Security Warning\nGenerated tokens have full authentication authority. Protect endpoint access and token distribution carefully.","parameters":[{"name":"validityDuration","in":"query","description":"Optional validity duration in TimeSpan format (e.g., \"1.00:00:00\" for 1 day). Default is 10 years","schema":{"type":"string"}},{"name":"tenantId","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"description":"Array of claim sets; each set generates one JWT token","content":{"application/json":{"schema":{"type":"array","items":{"type":"array","items":{"description":"Claim to generate JWT token for","$ref":"#/components/schemas/WebClaim"}}}},"text/json":{"schema":{"type":"array","items":{"type":"array","items":{"description":"Claim to generate JWT token for","$ref":"#/components/schemas/WebClaim"}}}},"application/*+json":{"schema":{"type":"array","items":{"type":"array","items":{"description":"Claim to generate JWT token for","$ref":"#/components/schemas/WebClaim"}}}}}},"responses":{"200":{"description":"Tokens generated successfully.","content":{"text/plain":{"schema":{"type":"array","items":{"type":"string"}}},"application/json":{"schema":{"type":"array","items":{"type":"string"}}},"text/json":{"schema":{"type":"array","items":{"type":"string"}}}}},"401":{"description":"Caller not authenticated.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}},"403":{"description":"Caller lacks AuthenticationToken.Write scope.","content":{"text/plain":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}},"text/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ProblemDetails"},{"$ref":"#/components/schemas/HttpValidationProblemDetails"}]}}}},"500":{"description":"Unexpected server error."}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.thewalletcrew.io/api-reference/tenant-config/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.