Generate a User Access Token

API actions (like purchasing) require a temporary User Access Token with specific permissions (scopes).

  • Required info:

    • Your API Key (use your Test API Key for testing)
    • Your User ID (use your Test User ID for testing)
    • The accountId you previously saved.
    • Your desired scopes (permissions).
  • Common scopes:

    • LIST_OFFERS: View available merchants and offers.
    • PURCHASE_GIFTCARD: Buy gift cards.
    • REVEAL_GIFTCARD: View purchased gift card details.
    • LIST_PURCHASES: See purchase history.
    • LIST_PAYMENT: View payment methods.
    • MANAGE_PAYMENT: Add or remove payment methods.
    • 📘 Learn more: Application Scopes Documentation
  • Generate token using cURL (Sandbox):
    Replace placeholders <YOUR_SANDBOX_API_KEY>, <YOUR_SANDBOX_USER_ID>, and <YOUR_ACCOUNT_ID> with the credentials you would like to use.

    curl -X POST https://transactional-graph.staging.fluzapp.com/api/v1/graphql \
      -H "Authorization: Basic <YOUR_SANDBOX_API_KEY>" \
      -H "Content-Type: application/json" \
      -d '{
        "query": "mutation generateUserAccessToken($userId: UUID!, $accountId: UUID!, $scopes: [ScopeType!]!, $seatId: UUID) { generateUserAccessToken(userId: $userId, accountId: $accountId, scopes: $scopes, seatId: $seatId) { token scopes } }",
        "variables": {
          "userId": "<YOUR_SANDBOX_USER_ID>",
          "accountId": "<YOUR_ACCOUNT_ID>",
          "scopes": [
            "LIST_PURCHASES", "LIST_OFFERS", "LIST_PAYMENT",
            "REVEAL_GIFTCARD", "PURCHASE_GIFTCARD", "MANAGE_PAYMENT"
          ]
        }
      }'
  • Response: You'll get a token.

    {
      "data": {
        "generateUserAccessToken": {
          "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", // <-- This is your User Access Token
          "scopes": ["LIST_PURCHASES", ...]
        }
      }
    }
  • 💾 Copy the token value. You'll use this in the Authorization: Bearer <YOUR_USER_ACCESS_TOKEN> header for authenticated requests.

  • In your code:


❗️

Token Validity & Caching:

  • Sandbox Tokens expire after 10 minutes.
  • Production Tokens expire after 3 minutes.
  • Recommendation: Cache the token in your application and refresh it only when it's expired or about to expire, rather than generating one for every single API call.
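
One way to implement the caching recommendation above, as an added example that is not Fluz's own code. It caches one token per user, account and scope set, and refreshes shortly before the lifetimes stated on this page run out. The `post_graphql` callable (which would send the payload with your `Authorization: Basic` header), the 30-second margin and the class name are assumptions.

```python
import time

# Token lifetimes as stated on this page, in seconds.
TOKEN_TTL = {"sandbox": 600, "production": 180}

# Mutation text copied from the cURL example above.
MUTATION = (
    "mutation generateUserAccessToken($userId: UUID!, $accountId: UUID!, "
    "$scopes: [ScopeType!]!, $seatId: UUID) { generateUserAccessToken("
    "userId: $userId, accountId: $accountId, scopes: $scopes, seatId: $seatId) "
    "{ token scopes } }"
)


class UserAccessTokenCache:
    """Caches one token per (user, account, scope set); refreshes before expiry."""

    def __init__(self, post_graphql, environment="sandbox", margin=30,
                 clock=time.monotonic):
        self._post = post_graphql   # hypothetical: callable(payload) -> response dict
        self._ttl = TOKEN_TTL[environment]
        self._margin = margin       # assumed safety margin, in seconds
        self._clock = clock
        self._entries = {}          # key -> (token, local expiry time)

    def get(self, user_id, account_id, scopes):
        # Key on the exact scope set so a purchase-capable token is never
        # handed to a code path that asked only for read scopes.
        key = (user_id, account_id, frozenset(scopes))
        now = self._clock()
        cached = self._entries.get(key)
        if cached and now < cached[1] - self._margin:
            return cached[0]
        payload = {
            "query": MUTATION,
            "variables": {"userId": user_id, "accountId": account_id,
                          "scopes": sorted(scopes)},
        }
        body = self._post(payload)
        if body.get("errors") or not body.get("data"):
            self._entries.pop(key, None)
            raise RuntimeError("generateUserAccessToken failed")
        token = body["data"]["generateUserAccessToken"]["token"]
        # Expiry is counted from before the request was sent, so the local
        # estimate never outlives the server's.
        self._entries[key] = (token, now + self._ttl)
        return token
```

Keep the cache in process memory only; writing tokens to logs or disk extends their exposure beyond the short lifetime the API gives them.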