Mint a long-lived opaque bearer token bound to the authenticated viewer's DID, scoped to widget-readable methods only. The iOS home-screen widget uses this so it doesn't need to port DPoP signing into Swift. Returns the raw token (only shown once) plus its expiry. Tokens never expire any prior tokens — the old one keeps working until its own expiry.
Output
Encoding
application/jsonexpiresAt
stringdatetime
Required
An RFC 3339 formatted timestamp.
token
string
Required
Opaque bearer token. Use as `Authorization: Bearer <token>` directly against the AppView for allowed methods. Always prefixed with `dpwt_`.
Try It
Requests are sent directly from your browser. Some servers may block requests due to CORS.
View raw schema
{
"type": "procedure",
"output": {
"schema": {
"type": "object",
"required": [
"token",
"expiresAt"
],
"properties": {
"token": {
"type": "string",
"description": "Opaque bearer token. Use as `Authorization: Bearer <token>` directly against the AppView for allowed methods. Always prefixed with `dpwt_`."
},
"expiresAt": {
"type": "string",
"format": "datetime"
}
}
},
"encoding": "application/json"
},
"description": "Mint a long-lived opaque bearer token bound to the authenticated viewer's DID, scoped to widget-readable methods only. The iOS home-screen widget uses this so it doesn't need to port DPoP signing into Swift. Returns the raw token (only shown once) plus its expiry. Tokens never expire any prior tokens — the old one keeps working until its own expiry."
}