API module for Unit API Tokens (Org, Customer, Cardholder).
Token hierarchy
- Org tokens — long-lived, server-side; never expose to clients
- Customer tokens — scoped bearer tokens for front-end use (max 24 hours)
- Cardholder tokens — single-card-scoped for sensitive card operations
Two-factor authentication
Some scopes require 2FA. First call create_customer_token_verification/3 to
send an OTP to the customer's phone, then pass the received verification_token
and the 6-digit verification_code to create_customer_token/3.
In sandbox, use passcode 000001.
Summary
Functions
Create a cardholder bearer token for a specific card.
Create a customer bearer token.
Create a customer token verification (sends OTP to customer's phone).
Create an org API token.
List all org tokens for a user.
Revoke an org token.
Functions
@spec create_cardholder_token(String.t(), map(), keyword()) :: {:ok, Unit.Resource.Token.t()} | {:error, term()}
Create a cardholder bearer token for a specific card.
Params
:scope— e.g."cards"(required):expires_in,:verification_token,:verification_code
@spec create_customer_token(String.t(), map(), keyword()) :: {:ok, Unit.Resource.Token.t()} | {:error, term()}
Create a customer bearer token.
Params
:scope— space-delimited scopes (e.g."customers accounts transactions"):expires_in— lifetime in seconds (max 86400):verification_token/:verification_code— required for 2FA scopes:resources— restrict token to specific resource IDs
@spec create_customer_token_verification(String.t(), map(), keyword()) :: {:ok, map()} | {:error, term()}
Create a customer token verification (sends OTP to customer's phone).
Returns a verificationToken to pass to create_customer_token/3.
Params
:channel—"sms"(default) or"call":phone— override phone number
@spec create_org_token(String.t(), map(), keyword()) :: {:ok, Unit.Resource.Token.t()} | {:error, term()}
Create an org API token.
@spec list_org_tokens( String.t(), keyword() ) :: {:ok, [Unit.Resource.Token.t()], map()} | {:error, term()}
List all org tokens for a user.
Revoke an org token.