postIssue action token#

Issues a short-lived action token that authorises a specific money-movement command. The token is bound to the caller and to the command digest of the requested action. Pass it in the X-Action-Token header when submitting the authorised command (e.g. POST /withdrawals). Service principals are exempt from this requirement.

Request#

POST /action-tokens

{
  "action": "withdrawal.create",
  "withdrawal": {}
}

Responses#

{
  "bound_actor": "users/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "bound_command_digest": "sha256:abcdef1234567890",
  "expires_at": "2026-05-01T10:00:00Z",
  "token": "act_tok_abc123xyz"
}