Tokens

Tokens are short-lived secrets created by an Appwrite Server SDK that can be exchanged for session by a Client SDK to log in users. Some auth methods like Magic URL login, Email OTP login, or Phone (SMS) login already generate tokens.

You can also create custom tokens using the Create token endpoint of the Users API. This can be used to implement custom authentication flows.

Tokens are created with the following properties:

PropertyTypeDescription
$id
string
Token ID.
$createdAt
string
Token creation date in ISO 8601 format.
userId
string
User ID.
secret
string
Token secret key. This will return an empty string unless the response is returned using an API key or as part of a webhook payload.
expire
string
Token expiration date in ISO 8601 format.

Many Appwrite authentication methods use a token-base flow to authenticate users. For token-based authentication methods, there are two high level steps to authenticate a user:

Token login

You can find different usage of tokens in the Appwrite.