Skip to main content
POST
/
api
/
v1
/
data-export
/
scoped-token
JavaScript
import Stigg from '@stigg/typescript';

const client = new Stigg({
  apiKey: process.env['STIGG_API_KEY'], // This is the default and can be omitted
});

const response = await client.v1.events.dataExport.mintScopedToken({ applicationOrigin: 'x' });

console.log(response.data);
{
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3OTk5OTk5OTl9.signature",
    "expiresAt": "2026-06-04T13:00:00.000Z",
    "providerMetadata": {
      "recipientId": "rec_3c5d7e9f1b2a",
      "enabledModels": [
        "customers",
        "subscriptions"
      ]
    }
  }
}

Authorizations

X-API-KEY
string
header
required

Server API Key

Headers

X-ACCOUNT-ID
string

Account ID — optional when authenticating with a user JWT (Bearer token); falls back to the user's first membership. Ignored for API-key auth.

X-ENVIRONMENT-ID
string

Environment ID — required when authenticating with a user JWT (Bearer token) on environment-scoped endpoints. Ignored for API-key auth (env is intrinsic to the key).

Body

application/json

Mint a scoped JWT for the FE embedded SDK.

applicationOrigin
string
required

FE origin the resulting JWT is bound to (provider-side anti-fraud)

Required string length: 1 - 255
destinationType
string

Pin the token to a specific warehouse connect flow

Maximum string length: 255

Response

Scoped token + expiry + provider-specific metadata for the FE SDK.

Response object

data
DataExportScopedTokenResponse · object
required

Scoped token + expiry + provider-specific metadata for the FE SDK.