perform.chat
Auth for Chat

Token Generation

How to generate authentication tokens

Endpoint

POST https://api.performchat.com/rest/v1/auth/token

Request Body

Parameters

ParameterTypeRequiredDescription
keyIdstringYesYour API key ID
keySecretstringYesYour API key secret
userIdstringYesYour user's ID from your system
agentIdstringYesThe ID of the AI agent to connect to
expiresInstringNoToken expiration time (default: 24h)

Example Request

{
  "keyId": "pk_your_key_id",
  "keySecret": "sk_your_secret_key",
  "userId": "user_123_from_your_system",
  "agentId": "agent_abc",
  "expiresIn": "1h" // Optional - defaults to 24h
}

Expiration Time Format

The expiresIn parameter accepts the following formats:

FormatDescriptionExample
sSeconds"3600s" = 1 hour
mMinutes"30m" = 30 minutes
hHours"24h" = 24 hours (default)
dDays"7d" = 7 days

Examples:

  • "15m" - Short-lived token (15 minutes)
  • "1h" - Standard token (1 hour)
  • "24h" - Default (24 hours)
  • "7d" - Long-lived token (7 days)

Note: Shorter expiration times provide better security, especially for sensitive operations. Consider using 15m or 1h for high-security scenarios.

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "customerUser": {
    "id": "cm4abc123xyz", // ⚠️ SAVE THIS for token invalidation!
    "externalId": "user_123_from_your_system",
    "companyId": "your_company_id",
    "agentId": "agent_abc"
  },
  "agent": {
    "id": "agent_abc",
    "name": "Customer Support Agent",
    "active": true
  },
  "apiKey": {
    "id": "key_id",
    "name": "Production API Key",
    "environment": "production"
  }
}

Important: Store Customer User ID

You MUST store the user.id from the response to be able to invalidate tokens later. This is the internal database ID required for the invalidation endpoint.

const response = await generateToken(userId)

// Store in your database
await db.users.update({
  where: { externalId: userId },
  data: {
    performChatToken: response.token,
    performChatUserId: response.customerUser.id // ⚠️ Save this!
  }
})

See Token Invalidation for details.

Token Expiration

  • Default lifetime: 24 hours (if expiresIn not specified)
  • Customizable: Use expiresIn parameter to set custom expiration
  • Recommended approach: Generate tokens on-demand, not in advance
  • Best practice: Use shorter expiration times for security (15m - 1h)
  • Long-lived tokens: Only use for trusted environments (7d)

API Keys

Managing your API credentials

Token Invalidation

Invalidate JWT tokens using token versioning

On this page

EndpointRequest BodyParametersExample RequestExpiration Time FormatResponseImportant: Store Customer User IDToken Expiration