# Create public access token

Creates a public access token for SDK authentication. This endpoint must be called from your secure backend server using your merchant credentials.

The returned access token can be safely used in client-side applications to authenticate with the ChicksX SDK.

Session and order correlation: A `sessionId` is required and ties each public token to exactly one order. Once an order has been placed, the session expires and cannot be reused. If a user attempts to place another order within the same session, they will see a message indicating the session has expired and must restart the checkout process from your platform.

Security: Never expose your `x-api-key` or `x-client-id` in client-side code.

Endpoint: POST /public_token/create
Version: 1.0.0

## Header parameters:

  - `x-api-key` (string, required)
    Your merchant API key (must be kept secure, never expose in client-side code)
    Example: "your-api-key"

  - `x-client-id` (string, required)
    Your merchant client identifier (must be kept secure, never expose in client-side code)
    Example: "your-client-id"

## Request fields (application/json):

  - `scope` (array)
    Array of permission scopes for the token
    Example: ["wallet.read","merchant.read"]

  - `sessionId` (string, required)
    Unique session identifier that correlates this public token to a single order. Each session must map to exactly one order — once an order has been placed, the session expires and cannot be reused. If a user attempts to start another order within the same session, they will be prompted to restart the process from your platform.
    Example: "session-123abc"

## Response 201 fields (application/json):

  - `code` (string)
    Result code indicating the operation status
    Example: "OK"

  - `data` (object)
    Response data payload

  - `data.accessToken` (string)
    JWT access token for SDK authentication
    Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."

  - `data.tokenType` (string)
    Token type
    Example: "Bearer"

  - `data.expiresIn` (integer)
    Token lifetime in seconds
    Example: 3600

  - `data.expiresAt` (integer)
    Unix timestamp when token expires
    Example: 1696531200

  - `data.scope` (array)
    Granted permission scopes
    Example: ["wallet.read","merchant.read"]

  - `data.jti` (string)
    Unique token identifier (JWT ID)
    Example: "f47ac10b-58cc-4372-a567-0e02b2c3d479"

  - `message` (string)
    Human-readable response message
    Example: "Operation completed successfully"

## Response 400 fields (application/json):

  - `code` (string)
    Error code
    Example: "INVALID_INPUT"

  - `message` (string)
    Error message
    Example: "Invalid JSON in request body"

## Response 401 fields (application/json):

  - `code` (string)
    Error code
    Example: "INVALID_INPUT"

  - `message` (string)
    Error message
    Example: "Invalid JSON in request body"

## Response 500 fields (application/json):

  - `code` (string)
    Error code
    Example: "INVALID_INPUT"

  - `message` (string)
    Error message
    Example: "Invalid JSON in request body"
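
## Example: server-side token creation

The flow this page describes (backend-only call with merchant credentials, one `sessionId` per order, only the token handed to the browser), as an added example in Python that is not ChicksX's own code. The base URL, the `CHICKSX_*` environment variable names and the helper names are assumptions; the response checks (Bearer type, unexpired `expiresAt`, granted scopes within those requested) are defensive choices, not documented requirements.

```python
import json
import os
import secrets
import time
import urllib.request

# Assumption: the page gives only the path, so this base URL is a placeholder.
BASE_URL = os.environ.get("CHICKSX_BASE_URL", "https://api.example.invalid")

def new_session_id():
    """Unguessable sessionId; mint one per order because a session is single-use."""
    return "session-" + secrets.token_urlsafe(24)

def build_request(api_key, client_id, session_id, scope):
    """Build POST /public_token/create; credentials travel only in headers."""
    body = json.dumps({"sessionId": session_id, "scope": scope}).encode()
    headers = {"Content-Type": "application/json",
               "x-api-key": api_key, "x-client-id": client_id}
    return urllib.request.Request(BASE_URL + "/public_token/create",
                                  data=body, headers=headers, method="POST")

def client_payload(body, requested_scope, now=None):
    """Check a 201 body and return only the fields the browser needs."""
    data = body.get("data") or {}
    token = data.get("accessToken")
    if not token or data.get("tokenType") != "Bearer":
        raise ValueError("response carries no Bearer access token")
    if data.get("expiresAt", 0) <= (time.time() if now is None else now):
        raise ValueError("token is already expired")
    extra = set(data.get("scope", [])) - set(requested_scope)
    if extra:
        raise ValueError(f"granted scopes exceed request: {sorted(extra)}")
    return {"accessToken": token, "expiresAt": data["expiresAt"]}

def create_public_token(scope):
    """Backend-only entry point: merchant credentials come from the environment."""
    session_id = new_session_id()
    req = build_request(os.environ["CHICKSX_API_KEY"],
                        os.environ["CHICKSX_CLIENT_ID"], session_id, scope)
    with urllib.request.urlopen(req, timeout=10) as resp:  # 4xx/5xx raise HTTPError
        if resp.status != 201:
            raise RuntimeError(f"unexpected status {resp.status}")
        body = json.load(resp)
    return session_id, client_payload(body, scope)

if __name__ == "__main__":
    # Constructed sample 201 body, shaped like the response fields above.
    sample = {"data": {"accessToken": "constructed.jwt.value", "tokenType": "Bearer",
                       "expiresAt": 1696531200, "scope": ["wallet.read"]}}
    print(client_payload(sample, ["wallet.read"], now=1696527600))
```

Store the returned `session_id` against the order on your backend so that a new checkout always requests a new token rather than reusing an expired session.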


