Managing authentication tokens

Generate and validate your tokens

The token service can be used to generate a token for specific documents, or to extend the life of a token.

Token generation

The examples below show how to generate user tokens.

Generate a token with a specific lifetime

The example below shows how to generate a token with a configurable lifetime for the authenticated user.


# <CORE_HOST>       FlowerDocs Core base URL
# <TOKEN>           authentication token
# <VALIDITY_TIME>   token validity in seconds

curl -X POST "<CORE_HOST>/rest/token/user?validityTime=<VALIDITY_TIME>" \
  -H "token: <TOKEN>"


    @Autowired
    private TokenService tokenService;

    public String generateToken(long validityTime) throws FunctionalException, TechnicalException
    {
        return service.generate(validityTime);
    }

Generate a new token

The example below generates a new token for the authenticated user.


# <CORE_HOST>  FlowerDocs Core base URL
# <TOKEN>      authentication token

curl -X PUT "<CORE_HOST>/rest/token/user" \
  -H "token: <TOKEN>"


    @Autowired
    private TokenService tokenService;

    public String generateToken() throws FunctionalException, TechnicalException
    {
        return service.generate();
    }


Token generation endpoints ending with /token are deprecated since version 2025.2.0 because they do not return an expiration date.

Generate a token to access documents

The example below generates a new token for the authenticated user to access a list of specific documents.


# <CORE_HOST>      FlowerDocs Core base URL
# <TOKEN>          authentication token
# <DOCUMENT_IDS>   document identifiers for which to generate the token
# <READ_ONLY>      true or false for read-only or non-read-only access

curl -X POST "<CORE_HOST>/rest/token/document/<DOCUMENT_IDS>?readOnly=<READ_ONLY>" \
  -H "token: <TOKEN>"


    @Autowired
    private TokenService tokenService;

    public String generateForDocuments(List<id> ids, boolean readOnly) throws FunctionalException, TechnicalException
    {
        return service.generateForDocuments(ids, readOnly);
    }

Token validation

The example below shows how to validate a token.


# <CORE_HOST>            FlowerDocs Core base URL
# <TOKEN>                authentication token
# <TOKEN_TO_VALIDATE>    the token to validate

curl -X POST "<CORE_HOST>/rest/token/<TOKEN_TO_VALIDATE>" \
  -H "token: <TOKEN>"


    @Autowired
    private TokenService tokenService;

    public String validateToken(String token) throws FunctionalException, TechnicalException
    {
        return service.validate(token);
    }