> ## Documentation Index
> Fetch the complete documentation index at: https://docs.spacemedia.uk/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Token

> Access: API client credential flow.

Authenticate the user and return the user's API token.



## OpenAPI

````yaml /api-reference/openapi.json post /api/v1/token
openapi: 3.1.0
info:
  title: SpaceMedia Public API
  version: 1.0.0
  description: >-
    Production public API reference for SpaceMedia organization admins,
    permitted team members, end users, and API clients. The spec excludes
    SpaceMedia system/backoffice routes and cross-organization selectors.
  contact:
    name: SpaceMedia Support
    email: whitelabel@spacemedia.uk
    url: https://spacemedia.uk/contact
servers:
  - url: https://enterprise.spacemedia.uk
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Authentication
    description: 'Access: API client credential flow.'
    x-mint:
      icon: key
  - name: Account Settings
    description: 'Access: authenticated organization user.'
    x-mint:
      icon: settings
  - name: Reference Data
    description: 'Access: authenticated organization users and API clients.'
    x-mint:
      icon: globe
  - name: Artists
    description: >-
      Access: organization users with artist permissions; `X-User-Id` may target
      a same-organization user where allowed.
    x-mint:
      icon: mic
  - name: Releases
    description: >-
      Access: organization users with release permissions; `X-User-Id` may
      target a same-organization user where allowed.
    x-mint:
      icon: disc
  - name: Tracks
    description: >-
      Access: organization users with track permissions; `X-User-Id` may target
      a same-organization user where allowed.
    x-mint:
      icon: music
  - name: Revenue Splits
    description: >-
      Access: organization users with revenue split permissions; admins see
      organization splits and end users see allowed splits.
    x-mint:
      icon: percent
  - name: User Management
    description: >-
      Access: organization admins or users allowed by user policies.
      Cross-organization selectors are excluded from this public spec.
    x-mint:
      icon: users
  - name: Plans & Upgrades
    description: >-
      Access: organization admins for plan lists; authenticated end users for
      upgrade options.
    x-mint:
      icon: package
  - name: Billing & Checkouts
    description: >-
      Access: authenticated organization users. Gateway availability depends on
      organization settings.
    x-mint:
      icon: credit-card
  - name: Add-On Management
    description: 'Access: organization admins for add-on checkout and lifecycle actions.'
    x-mint:
      icon: blocks
  - name: Copyright Management
    description: >-
      Access: organization admins or users with copyright wallet and release
      access. System-only provider and adjustment actions are excluded.
    x-mint:
      icon: shield-check
  - name: Quality Control
    description: 'Access: organization admins with release processing permission.'
    x-mint:
      icon: clipboard-check
paths:
  /api/v1/token:
    post:
      tags:
        - Authentication
      summary: Create API Token
      description: |-
        Access: API client credential flow.

        Authenticate the user and return the user's API token.
      operationId: authentication
      parameters:
        - name: X-Api-Key
          in: header
          required: true
          description: Organization API key generated in the dashboard.
          schema:
            type: string
          example: <YOUR_API_KEY>
        - name: X-Api-Secret
          in: header
          required: true
          description: Organization API secret generated in the dashboard.
          schema:
            type: string
          example: <YOUR_API_SECRET>
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
              example:
                token: 1|demo_sanctum_token_value
                expires_at: '2026-05-18T10:30:00+00:00'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '422':
          $ref: '#/components/responses/ValidationError'
      security:
        - apiKeyAuth: []
          apiSecretAuth: []
components:
  responses:
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          example:
            success: false
            message: Missing bearer token
    Forbidden:
      description: Forbidden
      content:
        application/json:
          example:
            success: false
            message: This action is unauthorized.
    NotFound:
      description: Not found
      content:
        application/json:
          example:
            success: false
            message: Resource not found
    ValidationError:
      description: Validation error
      content:
        application/json:
          example:
            success: false
            message: Validation failed.
            errors:
              title:
                - The title field is required.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: Sanctum token
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-Api-Key
    apiSecretAuth:
      type: apiKey
      in: header
      name: X-Api-Secret

````