Mint a session token
Scopes your browsing session to a specific profile. You’ll call this:
- after sign-in, to pick which profile is active
- when the user switches to a different profile
- when the previous session token has expired
Returns a short-lived session token (valid for 30 minutes) and its expiry time.
Use this token in the Authorization header for all session-tier endpoints — pages, rows, and profile-scoped lists.
Auth tier: identity — send your refresh token in the Authorization: Bearer header.
Documentation Index
Fetch the complete documentation index at: https://docs.discovr.media/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer token authentication.
- Identity-tier endpoints (
/profiles,/auth/session-token,/auth/session) accept a long-lived refresh token (rt_<hex>). - Session-tier endpoints (
/pages/*,/profile/*) accept a short-lived session JWT.
SDK clients use two typed API accessors (identityApi() with the
refresh token vs sessionApi() with the session JWT) — see the SDK
DiscovrAuth helper.
Format: Authorization: Bearer {token}
Body
The profile to scope the session to.
The ID of the profile to activate. Must belong to the signed-in user.
"profile_abc123"
Response
A new session token.
The session token scoped to the selected profile. Valid for 30 minutes.
Your session credential, valid for 30 minutes. Send it as the bearer in the Authorization header for all session-tier endpoints (/pages/*, /profile/*).
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
A unique identifier for this browsing session. Each new session token carries a fresh session ID.
"feedfacefeedfacefeedfacefeedface"
When the session token expires, as a Unix timestamp (seconds).
1733091000