Tokens are short-lived secrets created by an Appwrite Server SDK that can be exchanged for session by a Client SDK to log in users. Some auth methods like Magic URL login, Email OTP login, or Phone (SMS) login already generate tokens.
You can also create custom tokens using the Create token endpoint of the Users API. This can be used to implement custom authentication flows.
Tokens are created with the following properties:
| Property | Type | Description |
$id | string | Token ID. |
$createdAt | string | Token creation date in ISO 8601 format. |
userId | string | User ID. |
secret | string | Token secret key. This will return an empty string unless the response is returned using an API key or as part of a webhook payload. |
expire | string | Token expiration date in ISO 8601 format. |
Many Appwrite authentication methods use a token-base flow to authenticate users. For token-based authentication methods, there are two high level steps to authenticate a user:
Token login
You can find different usage of tokens in the Appwrite.