The API Tokens API provides programmatic access to create, manage, and inspect long-lived authentication tokens on the Hoody platform. Use these endpoints to mint tokens with fine-grained permissions, restrict them by IP or realm, rotate secrets by copying, and enforce 2FA verification on sensitive operations. Token values are only returned once at creation or copy time and are never retrievable afterwards.
Note
Token creation, copy, realm mutation, update, and delete operations require a valid 2FA otp_code when the account has 2FA enabled and the caller is authenticating via JWT.
List all auth tokens for the authenticated user. Token values are never included in the response.
This endpoint takes no parameters.
curl -X GET https://api.hoody.com/api/v1/auth/tokens \
-H " Authorization: Bearer <token> "
const { data } = await client . api . authTokens . listIterator ();
"message" : " Auth tokens retrieved successfully " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " Production API Key " ,
"ip_whitelist" : [ " 192.168.1.0/24 " , " 10.0.0.1 " ],
"expires_at" : " 2025-12-31T23:59:59.000Z " ,
"last_used_at" : " 2025-10-28T12:00:00.000Z " ,
"last_used_ip" : " 198.51.100.1 " ,
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-15T14:45:00.000Z "
"id" : " 507f1f77bcf86cd799439022 " ,
"alias" : " Development Token " ,
"realm_ids" : [ " 507f1f77bcf86cd799439011 " ],
"created_at" : " 2025-01-10T08:00:00.000Z " ,
"updated_at" : " 2025-01-10T08:00:00.000Z "
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
Get details of a specific auth token. The token value is not included.
Name In Type Required Description idpath string Yes Unique identifier of the token
curl -X GET https://api.hoody.com/api/v1/auth/tokens/507f1f77bcf86cd799439011 \
-H " Authorization: Bearer <token> "
const { data } = await client . api . authTokens . get ( {
id: " 507f1f77bcf86cd799439011 "
"message" : " Auth token retrieved successfully " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " Production API Key " ,
"ip_whitelist" : [ " 192.168.1.0/24 " , " 10.0.0.1 " ],
"expires_at" : " 2025-12-31T23:59:59.000Z " ,
"last_used_at" : " 2025-10-28T12:00:00.000Z " ,
"last_used_ip" : " 198.51.100.1 " ,
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-15T14:45:00.000Z "
"message" : " Invalid ID format "
Error Code Title Description Resolution INVALID_ID_FORMATInvalid ID format The provided ID must be a 24-character hexadecimal string Ensure the ID is exactly 24 characters long and contains only hexadecimal characters (0-9, a-f)
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Authentication token not found "
Error Code Title Description Resolution TOKEN_NOT_FOUNDAuthentication token not found The requested authentication token does not exist or has been deleted Verify the token ID is correct and that the token still exists
Return metadata, permissions, and realm restrictions for the currently authenticated auth token. This endpoint is allowed on the base api.hoody.com domain for realm-scoped tokens to bootstrap realm discovery.
This endpoint takes no parameters.
curl -X GET https://api.hoody.com/api/v1/auth/tokens/me \
-H " Authorization: Bearer <token> "
const { data } = await client . api . authTokens . getCurrent ();
"message" : " Current auth token retrieved successfully " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " External Customer Token " ,
"realm_ids" : [ " 507f1f77bcf86cd799439012 " ],
"containers" : { "read" : true , "create" : true },
"resources" : { "realms" : true }
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-15T10:30:00.000Z "
"has_realm_restrictions" : true ,
"requires_realm_scope" : true ,
"allowed_realm_ids" : [ " 507f1f77bcf86cd799439012 " ],
"active_realm_id" : " 507f1f77bcf86cd799439012 "
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Insufficient permissions "
Error Code Title Description Resolution INSUFFICIENT_PERMISSIONSInsufficient permissions You do not have the required permissions to perform this action Contact the resource owner or administrator to request access
Create a new long-term authentication token with optional IP restrictions, realm restrictions, expiration, and a fine-grained permission set.
This endpoint takes no path, query, or header parameters.
Field Type Required Description aliasstring No User-friendly alias. Allowed characters: letters, numbers, spaces, underscores, hyphens (max 254). If omitted, a random animal name is generated. public_keystring | null No Optional ED25519 public key as 64-character hexadecimal string. Pass null to clear. public_storageobject | null No Arbitrary public JSON profile object (max 64KB serialized). Pass null to clear. ip_whitelistarray | string No IP allowlist. Accepts an array of IPv4 addresses/CIDR ranges, a comma-separated string, or "*" wildcard. Defaults to "*". permission_templatestring No Permission template name. If provided, takes precedence over permissions. One of: full_access, external_customer, dev_team, finance_team, read_only. permissionsobject No Fine-grained permissions. Any missing permission path defaults to false (deny). realm_idsarray No Realm IDs this token is restricted to. If provided, the token can only be used on these realm subdomains. allow_no_realmboolean No Whether the token can be used without a realm scope. Defaults to true. Set to false for strict sub-account tokens. vault_accessboolean No Whether the token can access vault endpoints. Defaults to false. event_accessboolean No Whether the token can access event streams and event history. Defaults to true. expires_atstring | number No Expiration as ISO 8601 timestamp, Unix timestamp (seconds or milliseconds), "today", or "tomorrow". Omit for a non-expiring token. otp_codestring No TOTP code (6 digits) or backup code (10 alphanumeric). Required if 2FA is enabled on the account.
curl -X POST https://api.hoody.com/api/v1/auth/tokens \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"alias": "Production API Key",
"public_key": "a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234",
"display_name": "Production Integrations",
"ip_whitelist": ["192.168.1.0/24", "10.0.0.1"],
"expires_at": 1767225599000
const { data } = await client . api . authTokens . create ( {
alias: " Production API Key " ,
public_key: " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
display_name: " Production Integrations " ,
ip_whitelist: [ " 192.168.1.0/24 " , " 10.0.0.1 " ] ,
expires_at: 1767225599000
"message" : " Auth token created successfully " ,
"token" : " hdy_a1b2c3d4e5f67890abcdef1234567890 " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " Production API Key " ,
"public_key" : " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
"ip_whitelist" : [ " 192.168.1.0/24 " , " 10.0.0.1 " ],
"expires_at" : " 2025-12-31T23:59:59.000Z " ,
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-15T10:30:00.000Z "
"message" : " Validation failed "
Error Code Title Description Resolution VALIDATION_ERRORInvalid input parameters One or more request parameters failed validation Check the error message for specific field requirements and correct your input MISSING_REQUIRED_FIELDRequired field missing One or more required fields are missing from the request Include all required fields as specified in the API documentation OTP_REQUIRED2FA verification required This operation requires 2FA verification because your account has 2FA enabled Provide an otp_code field with a valid TOTP code or backup code INVALID_ALIAS_FORMATInvalid alias format Token alias must contain only letters, numbers, spaces, underscores, and hyphens Use only allowed characters: letters (a-z, A-Z), numbers (0-9), spaces, underscores (_), and hyphens (-) INVALID_IP_FORMATInvalid IP address format IP whitelist must contain valid IPv4 addresses or CIDR ranges Provide valid IPv4 addresses (e.g., 192.168.1.1) or CIDR ranges (e.g., 192.168.1.0/24), or use * for all IPs INVALID_REALM_ID_FORMATInvalid realm ID format Realm IDs must be 24-character hexadecimal strings Ensure all realm IDs are valid 24-character hex strings (e.g., 507f1f77bcf86cd799439011) INVALID_EXPIRATION_FORMATInvalid expiration format Expiration must be an ISO 8601 date, Unix timestamp, today, tomorrow, or null Use a valid date format: ISO 8601 string, Unix timestamp (seconds/milliseconds), today, tomorrow, or null for non-expiring INVALID_PUBLIC_KEY_FORMATInvalid public key format Public key must be exactly 64 hexadecimal characters (ED25519 format) Provide a valid 64-character ED25519 public key in hexadecimal format PUBLIC_STORAGE_TOO_LARGEPublic storage exceeds size limit public_storage must not exceed 64KB serialized JSONReduce the size of the public storage payload and retry EXPIRATION_IN_PASTExpiration date in the past The expiration date cannot be in the past Provide a future date for token expiration
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Token alias already exists "
Error Code Title Description Resolution DUPLICATE_ALIASToken alias already exists You already have an authentication token with this alias Choose a different unique alias for this token
Update an existing auth token. Any field omitted from the request body is left unchanged. Provide null to clear expires_at, public_key, or public_storage.
Name In Type Required Description idpath string Yes Unique identifier of the token to update
Field Type Required Description aliasstring No New token alias (letters, numbers, spaces, underscores, hyphens; max 254) public_keystring | null No New ED25519 public key (64 hex chars), or null to clear public_storageobject | null No New public profile payload (max 64KB), or null to clear ip_whitelistarray | string No New IP allowlist (array, comma-separated string, or *) permissionsobject No Replacement permission set; any omitted path defaults to false (deny) realm_idsarray No Replacement realm restriction list allow_no_realmboolean No Whether the token can be used without a realm scope vault_accessboolean No Whether the token can access vault endpoints event_accessboolean No Whether the token can access event streams and event history expires_atstring | number | null No New expiration as ISO timestamp, Unix timestamp, today, tomorrow, or null to make non-expiring is_enabledboolean No Enable or disable the token otp_codestring No TOTP code (6 digits) or backup code (10 alphanumeric). Required if 2FA is enabled on the account.
curl -X PATCH https://api.hoody.com/api/v1/auth/tokens/507f1f77bcf86cd799439011 \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"alias": "Updated Production Key",
"public_key": "a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234",
"display_name": "Updated Profile",
"links": { "website": "https://example.com" }
const { data } = await client . api . authTokens . update ( {
id: " 507f1f77bcf86cd799439011 " ,
alias: " Updated Production Key " ,
public_key: " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
display_name: " Updated Profile " ,
links: { website: " https://example.com " }
"message" : " Auth token updated successfully " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " Updated Production Key " ,
"public_key" : " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
"last_used_at" : " 2025-10-28T12:00:00.000Z " ,
"last_used_ip" : " 198.51.100.1 " ,
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-15T14:45:00.000Z "
"message" : " Validation failed "
Error Code Title Description Resolution VALIDATION_ERRORInvalid input parameters One or more request parameters failed validation Check the error message for specific field requirements and correct your input INVALID_ID_FORMATInvalid ID format The provided ID must be a 24-character hexadecimal string Ensure the ID is exactly 24 characters long and contains only hexadecimal characters (0-9, a-f) OTP_REQUIRED2FA verification required This operation requires 2FA verification because your account has 2FA enabled Provide an otp_code field with a valid TOTP code or backup code INVALID_ALIAS_FORMATInvalid alias format Token alias must contain only letters, numbers, spaces, underscores, and hyphens Use only allowed characters: letters (a-z, A-Z), numbers (0-9), spaces, underscores (_), and hyphens (-) INVALID_IP_FORMATInvalid IP address format IP whitelist must contain valid IPv4 addresses or CIDR ranges Provide valid IPv4 addresses (e.g., 192.168.1.1) or CIDR ranges (e.g., 192.168.1.0/24), or use * for all IPs INVALID_REALM_ID_FORMATInvalid realm ID format Realm IDs must be 24-character hexadecimal strings Ensure all realm IDs are valid 24-character hex strings (e.g., 507f1f77bcf86cd799439011) INVALID_EXPIRATION_FORMATInvalid expiration format Expiration must be an ISO 8601 date, Unix timestamp, today, tomorrow, or null Use a valid date format: ISO 8601 string, Unix timestamp (seconds/milliseconds), today, tomorrow, or null for non-expiring INVALID_PUBLIC_KEY_FORMATInvalid public key format Public key must be exactly 64 hexadecimal characters (ED25519 format) Provide a valid 64-character ED25519 public key in hexadecimal format PUBLIC_STORAGE_TOO_LARGEPublic storage exceeds size limit public_storage must not exceed 64KB serialized JSONReduce the size of the public storage payload and retry EXPIRATION_IN_PASTExpiration date in the past The expiration date cannot be in the past Provide a future date for token expiration
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Authentication token not found "
Error Code Title Description Resolution TOKEN_NOT_FOUNDAuthentication token not found The requested authentication token does not exist or has been deleted Verify the token ID is correct and that the token still exists
"message" : " Token alias already exists "
Error Code Title Description Resolution DUPLICATE_ALIASToken alias already exists You already have an authentication token with this alias Choose a different unique alias for this token
Copy an existing auth token’s configuration (permissions, realm restrictions, IP whitelist, public profile) into a new token with a freshly generated secret value. Useful for secret rotation without changing scopes.
Name In Type Required Description idpath string Yes Unique identifier of the token to copy
Field Type Required Description aliasstring No Alias for the copied token (max 254). If omitted, a deterministic alias like "<source> copy" is generated. expires_atstring | number | null No Override the source expiration. Accepts ISO 8601 timestamp, Unix timestamp, today, tomorrow, or null to make non-expiring. otp_codestring No TOTP code (6 digits) or backup code (10 alphanumeric). Required if 2FA is enabled on the account.
curl -X POST https://api.hoody.com/api/v1/auth/tokens/507f1f77bcf86cd799439011/copy \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"alias": "Production API Key Copy"
const { data } = await client . api . authTokens . copy ( {
id: " 507f1f77bcf86cd799439011 " ,
alias: " Production API Key Copy "
"message" : " Auth token copied successfully " ,
"token" : " hdy_f0e1d2c3b4a5968778695a4b3c2d1e0f1234567890abcdef " ,
"id" : " 507f1f77bcf86cd799439099 " ,
"alias" : " Production API Key Copy " ,
"ip_whitelist" : [ " 192.168.1.0/24 " , " 10.0.0.1 " ],
"realm_ids" : [ " 507f1f77bcf86cd799439011 " ],
"expires_at" : " 2025-12-31T23:59:59.000Z " ,
"created_at" : " 2025-01-20T08:30:00.000Z " ,
"updated_at" : " 2025-01-20T08:30:00.000Z "
"message" : " Validation failed "
Error Code Title Description Resolution VALIDATION_ERRORInvalid input parameters One or more request parameters failed validation Check the error message for specific field requirements and correct your input INVALID_ID_FORMATInvalid ID format The provided ID must be a 24-character hexadecimal string Ensure the ID is exactly 24 characters long and contains only hexadecimal characters (0-9, a-f) OTP_REQUIRED2FA verification required This operation requires 2FA verification because your account has 2FA enabled Provide an otp_code field with a valid TOTP code or backup code INVALID_ALIAS_FORMATInvalid alias format Token alias must contain only letters, numbers, spaces, underscores, and hyphens Use only allowed characters: letters (a-z, A-Z), numbers (0-9), spaces, underscores (_), and hyphens (-) INVALID_EXPIRATION_FORMATInvalid expiration format Expiration must be an ISO 8601 date, Unix timestamp, today, tomorrow, or null Use a valid date format: ISO 8601 string, Unix timestamp (seconds/milliseconds), today, tomorrow, or null for non-expiring EXPIRATION_IN_PASTExpiration date in the past The expiration date cannot be in the past Provide a future date for token expiration
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Insufficient permissions "
Error Code Title Description Resolution INSUFFICIENT_PERMISSIONSInsufficient permissions You do not have the required permissions to perform this action Contact the resource owner or administrator to request access ACCOUNT_BANNEDAccount banned Your account has been banned and cannot access this resource Contact support for information about your account status
"message" : " Authentication token not found "
Error Code Title Description Resolution TOKEN_NOT_FOUNDAuthentication token not found The requested authentication token does not exist or has been deleted Verify the token ID is correct and that the token still exists
"message" : " Token alias already exists "
Error Code Title Description Resolution DUPLICATE_ALIASToken alias already exists You already have an authentication token with this alias Choose a different unique alias for this token
Permanently delete an auth token. Once deleted, the token can no longer be used for authentication.
Name In Type Required Description idpath string Yes Unique identifier of the token
curl -X DELETE https://api.hoody.com/api/v1/auth/tokens/507f1f77bcf86cd799439011 \
-H " Authorization: Bearer <token> "
const { data } = await client . api . authTokens . delete ( {
id: " 507f1f77bcf86cd799439011 "
"message" : " Auth token deleted successfully "
"message" : " Invalid ID format "
Error Code Title Description Resolution INVALID_ID_FORMATInvalid ID format The provided ID must be a 24-character hexadecimal string Ensure the ID is exactly 24 characters long and contains only hexadecimal characters (0-9, a-f)
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Insufficient permissions "
Error Code Title Description Resolution INSUFFICIENT_PERMISSIONSInsufficient permissions You do not have the required permissions to perform this action Contact the resource owner or administrator to request access ACCOUNT_BANNEDAccount banned Your account has been banned and cannot access this resource Contact support for information about your account status
"message" : " Authentication token not found "
Error Code Title Description Resolution TOKEN_NOT_FOUNDAuthentication token not found The requested authentication token does not exist or has been deleted Verify the token ID is correct and that the token still exists
Realm-scoped tokens are bound to one or more realm IDs. These endpoints add or remove realm bindings without rewriting the rest of the token configuration. Both operations are idempotent: re-adding an existing realm or removing a missing realm returns success without modification.
Atomically add a realm ID to an auth token.
Name In Type Required Description idpath string Yes Auth token ID
Field Type Required Description realm_idstring Yes Realm ID to add to the token (24-character hex) otp_codestring No TOTP code (6 digits) or backup code (10 alphanumeric). Required if 2FA is enabled on the account.
curl -X POST https://api.hoody.com/api/v1/auth/tokens/507f1f77bcf86cd799439011/add-realm \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"realm_id": "507f1f77bcf86cd799439033"
const { data } = await client . api . authTokens . addRealm ( {
id: " 507f1f77bcf86cd799439011 " ,
realm_id: " 507f1f77bcf86cd799439033 "
"message" : " Realm added to auth token " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " Production API Key " ,
"ip_whitelist" : [ " 192.168.1.0/24 " , " 10.0.0.1 " ],
"realm_ids" : [ " 507f1f77bcf86cd799439011 " , " 507f1f77bcf86cd799439033 " ],
"containers" : { "read" : true , "create" : true }
"expires_at" : " 2025-12-31T23:59:59.000Z " ,
"last_used_at" : " 2025-10-28T12:00:00.000Z " ,
"last_used_ip" : " 198.51.100.1 " ,
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-20T11:15:00.000Z "
"message" : " 2FA verification required for this operation "
Error Code Title Description Resolution OTP_REQUIRED2FA verification required This operation requires 2FA verification because your account has 2FA enabled Provide an otp_code field with a valid TOTP code or backup code INVALID_REALM_ID_FORMATInvalid realm ID format Realm IDs must be 24-character hexadecimal strings Ensure all realm IDs are valid 24-character hex strings (e.g., 507f1f77bcf86cd799439011)
"message" : " Authentication token required "
"message" : " Authentication token not found "
Atomically remove a realm ID from an auth token. Idempotent: removing a realm that is not currently bound returns success without modification.
Name In Type Required Description idpath string Yes Auth token ID
Field Type Required Description realm_idstring Yes Realm ID to remove from the token (24-character hex) otp_codestring No TOTP code (6 digits) or backup code (10 alphanumeric). Required if 2FA is enabled on the account.
curl -X POST https://api.hoody.com/api/v1/auth/tokens/507f1f77bcf86cd799439011/remove-realm \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"realm_id": "507f1f77bcf86cd799439033"
const { data } = await client . api . authTokens . removeRealm ( {
id: " 507f1f77bcf86cd799439011 " ,
realm_id: " 507f1f77bcf86cd799439033 "
"message" : " Realm removed from auth token " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " Production API Key " ,
"ip_whitelist" : [ " 192.168.1.0/24 " , " 10.0.0.1 " ],
"realm_ids" : [ " 507f1f77bcf86cd799439011 " ],
"containers" : { "read" : true , "create" : true }
"expires_at" : " 2025-12-31T23:59:59.000Z " ,
"last_used_at" : " 2025-10-28T12:00:00.000Z " ,
"last_used_ip" : " 198.51.100.1 " ,
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-20T11:30:00.000Z "
"message" : " 2FA verification required for this operation "
Error Code Title Description Resolution OTP_REQUIRED2FA verification required This operation requires 2FA verification because your account has 2FA enabled Provide an otp_code field with a valid TOTP code or backup code INVALID_REALM_ID_FORMATInvalid realm ID format Realm IDs must be 24-character hexadecimal strings Ensure all realm IDs are valid 24-character hex strings (e.g., 507f1f77bcf86cd799439011)
"message" : " Authentication token required "
"message" : " Authentication token not found "
Tokens can carry an optional ED25519 public key and an arbitrary JSON profile blob (public_storage, max 64KB). These are resolved via the public key, allowing third parties to look up a token’s public profile without holding the secret.
Resolve and retrieve an auth token public profile by its ED25519 public key.
Name In Type Required Description public_keypath string Yes ED25519 public key to resolve (64 hex characters)
curl -X GET https://api.hoody.com/api/v1/auth/tokens/public-profiles/a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 \
-H " Authorization: Bearer <token> "
const { data } = await client . api . authTokens . getPublicProfile ( {
public_key: " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 "
"message" : " Public profile retrieved successfully " ,
"public_key" : " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
"username_hint" : " acme-team " ,
"avatar" : " https://cdn.example.com/avatar.png "
"message" : " Invalid public key format "
Error Code Title Description Resolution VALIDATION_ERRORInvalid input parameters One or more request parameters failed validation Check the error message for specific field requirements and correct your input INVALID_PUBLIC_KEY_FORMATInvalid public key format Public key must be exactly 64 hexadecimal characters (ED25519 format) Provide a valid 64-character ED25519 public key in hexadecimal format
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Authentication token not found "
Error Code Title Description Resolution TOKEN_NOT_FOUNDAuthentication token not found The requested authentication token does not exist or has been deleted Verify the token ID is correct and that the token still exists
Update the currently authenticated token’s public_key and/or public_storage. Requires the resources.auth_token_public_profile permission on the token. At least one of public_key or public_storage must be provided. Pass null to clear either field.
This endpoint takes no path, query, or header parameters.
Field Type Required Description public_keystring | null No New ED25519 public key (64 hex chars), or null to clear public_storageobject | null No New public profile payload (max 64KB), or null to clear
curl -X PATCH https://api.hoody.com/api/v1/auth/tokens/me/public-profile \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"public_key": "a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234",
"username_hint": "acme-team",
"avatar": "https://cdn.example.com/avatar.png"
const { data } = await client . api . authTokens . updatePublicProfile ( {
public_key: " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
username_hint: " acme-team " ,
avatar: " https://cdn.example.com/avatar.png "
"message" : " Public profile updated successfully " ,
"id" : " 507f1f77bcf86cd799439011 " ,
"alias" : " External Customer Token " ,
"public_key" : " a1b2c3d4e5f6789012345678901234567890abcdefabcdefabcdefabcdef1234 " ,
"username_hint" : " acme-team " ,
"avatar" : " https://cdn.example.com/avatar.png "
"realm_ids" : [ " 507f1f77bcf86cd799439012 " ],
"containers" : { "read" : true , "create" : true },
"resources" : { "realms" : true , "auth_token_public_profile" : true }
"created_at" : " 2025-01-15T10:30:00.000Z " ,
"updated_at" : " 2025-01-20T12:00:00.000Z "
"message" : " Validation failed "
Error Code Title Description Resolution VALIDATION_ERRORInvalid input parameters One or more request parameters failed validation Check the error message for specific field requirements and correct your input INVALID_PUBLIC_KEY_FORMATInvalid public key format Public key must be exactly 64 hexadecimal characters (ED25519 format) Provide a valid 64-character ED25519 public key in hexadecimal format PUBLIC_STORAGE_TOO_LARGEPublic storage exceeds size limit public_storage must not exceed 64KB serialized JSONReduce the size of the public storage payload and retry
"message" : " Authentication token required "
Error Code Title Description Resolution MISSING_TOKENAuthentication token missing No authentication token was provided in the request Include a valid JWT token in the Authorization header as Bearer <token> INVALID_TOKENInvalid authentication token The provided authentication token is malformed or invalid Obtain a new token by logging in again or using a valid auth token TOKEN_EXPIREDAuthentication token expired The provided authentication token has expired Obtain a new token by logging in again or refreshing your session
"message" : " Insufficient permissions "
Error Code Title Description Resolution INSUFFICIENT_PERMISSIONSInsufficient permissions You do not have the required permissions to perform this action Contact the resource owner or administrator to request access