Generate a User Access Token

API actions (like purchasing) require a temporary User Access Token with specific permissions (scopes).

  • Required info:

    • Your API Key (use your Test API Key for testing)
    • Your User ID (use your Test User ID for testing)
    • The accountId you previously saved.
    • Your desired scopes (permissions).
  • Common scopes:

    • LIST_OFFERS: View available merchants and offers.
    • PURCHASE_GIFTCARD: Buy gift cards.
    • REVEAL_GIFTCARD: View purchased gift card details.
    • LIST_PURCHASES: See purchase history.
    • LIST_PAYMENT: View payment methods.
    • MANAGE_PAYMENT: Add or remove payment methods.
    • 📘 Learn more: Application Scopes Documentation
  • Generate token using cURL (Sandbox):
    Replace placeholders <YOUR_SANDBOX_API_KEY>, <YOUR_SANDBOX_USER_ID>, and <YOUR_ACCOUNT_ID> with the credentials you would like to use.

    curl -X POST https://transactional-graph.staging.fluzapp.com/api/v1/graphql \
      -H "Authorization: Basic <YOUR_SANDBOX_API_KEY>" \
      -H "Content-Type: application/json" \
      -d '{
        "query": "mutation generateUserAccessToken($userId: UUID!, $accountId: UUID!, $scopes: [ScopeType!]!, $seatId: UUID) { generateUserAccessToken(userId: $userId, accountId: $accountId, scopes: $scopes, seatId: $seatId) { token scopes } }",
        "variables": {
          "userId": "<YOUR_SANDBOX_USER_ID>",
          "accountId": "<YOUR_ACCOUNT_ID>",
          "scopes": [
            "LIST_PURCHASES", "LIST_OFFERS", "LIST_PAYMENT",
            "REVEAL_GIFTCARD", "PURCHASE_GIFTCARD", "MANAGE_PAYMENT"
          ]
        }
      }'
  • Response: You'll get a token.

    {
      "data": {
        "generateUserAccessToken": {
          "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", // <-- This is your User Access Token
          "scopes": ["LIST_PURCHASES", ...]
        }
      }
    }
  • 💾 Copy the token value. You'll use this in the Authorization: Bearer <YOUR_USER_ACCESS_TOKEN> header for authenticated requests.

  • In your code:

❗️ Token Validity & Caching:

  • Sandbox Tokens expire after 10 minutes.
  • Production Tokens expire after 3 minutes.
  • Recommendation: Cache the token in your application and refresh it only when it's expired or about to expire, rather than generating one for every single API call.
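
One way to follow the caching recommendation above, as an added example that is not Fluz's own code: a small thread-safe cache that keeps one token per scope set and refreshes it shortly before the documented lifetime ends. The names `fetch_token` and `TokenCache` and the 30-second safety margin are assumptions; the endpoint and mutation are the ones shown in the cURL call on this page.

```python
import json
import threading
import time
import urllib.request

SANDBOX_URL = "https://transactional-graph.staging.fluzapp.com/api/v1/graphql"
MUTATION = (
    "mutation generateUserAccessToken($userId: UUID!, $accountId: UUID!, "
    "$scopes: [ScopeType!]!, $seatId: UUID) { generateUserAccessToken("
    "userId: $userId, accountId: $accountId, scopes: $scopes, seatId: $seatId) "
    "{ token scopes } }")

def fetch_token(api_key, user_id, account_id, scopes, url=SANDBOX_URL):
    """POST the mutation from this page and return the token string."""
    body = json.dumps({"query": MUTATION, "variables": {
        "userId": user_id, "accountId": account_id, "scopes": sorted(scopes)}}).encode()
    req = urllib.request.Request(url, data=body, headers={
        "Authorization": f"Basic {api_key}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        payload = json.load(resp)
    if payload.get("errors"):  # GraphQL reports failures in the response body
        raise RuntimeError("token request failed")  # keep response bodies out of logs
    return payload["data"]["generateUserAccessToken"]["token"]

class TokenCache:
    """One cached token per scope set, refreshed margin_s before lifetime_s is up."""
    def __init__(self, fetch, lifetime_s=180, margin_s=30, clock=time.monotonic):
        # lifetime_s: 180 for production, 600 for sandbox (values from this page).
        self._fetch, self._clock = fetch, clock
        self._ttl = lifetime_s - margin_s  # margin_s is an assumed safety buffer
        self._lock = threading.Lock()
        self._entries = {}  # frozenset(scopes) -> (token, refresh_at)

    def get(self, scopes):
        key = frozenset(scopes)
        with self._lock:  # held during the fetch so concurrent callers share one request
            token, refresh_at = self._entries.get(key, (None, 0.0))
            if token is None or self._clock() >= refresh_at:
                issued = self._clock()  # measure from before the request (conservative)
                token = self._fetch(key)
                self._entries[key] = (token, issued + self._ttl)
            return token

    def invalidate(self, scopes):
        """Drop a cached token, for example after the API rejects it as expired."""
        with self._lock:
            self._entries.pop(frozenset(scopes), None)

# Wiring (placeholders as on this page):
# cache = TokenCache(lambda s: fetch_token("<YOUR_SANDBOX_API_KEY>",
#     "<YOUR_SANDBOX_USER_ID>", "<YOUR_ACCOUNT_ID>", s), lifetime_s=600)
```

Because the cache is keyed by scope set, a read-only code path can call `cache.get(["LIST_OFFERS"])` and never hold a token that carries PURCHASE_GIFTCARD or MANAGE_PAYMENT.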
