Unreleased on Cloud

This feature is not yet released on Cloud, which is on Appwrite 1.4.x. This is a feature available in Appwrite 1.5.x and will be available on Appwrite Cloud later.

Tokens are short-lived secrets created by an Appwrite Server SDK that can be exchanged for session by a Client SDK to log in users. Some auth methods like Magic URL login, Email OTP login, or Phone (SMS) login already generate tokens.

You can also create custom tokens using the Create token endpoint of the Users API. This can be used to implement custom authentication flows.

Tokens are created with the following properties:

$idstringToken ID.
$createdAtstringToken creation date in ISO 8601 format.
userIdstringUser ID.
secretstringToken secret key. This will return an empty string unless the response is returned using an API key or as part of a webhook payload.
expirestringToken expiration date in ISO 8601 format.

Many Appwrite authentication methods use a token-base flow to authenticate users. For token-based authentication methods, there are two high level steps to authenticate a user:

Token login

You can find different usage of tokens in the Appwrite.