Skip to main content
The ApiTokenService handles the partner self-service token lifecycle: checking capabilities, deriving tokens, listing active tokens, and revoking them.
Token derivation and capability queries require a Privy identity token. The SDK does not obtain this token for you — your application must authenticate the partner via Privy and pass the resulting token.

Access

The service is available on the root Client:

Get partner capabilities

Check whether token management is enabled and which scopes are allowed.

Derive a token

Create a new scoped API token. The secret is returned once — store it securely.

Creating an HMAC-authenticated client

After deriving a token, create a new Client with the HMAC credentials:
If scopes is omitted, the token defaults to ['trading']. Requested scopes must be a subset of the partner’s allowed_scopes.

List active tokens

Returns all non-revoked tokens for the authenticated partner.

Revoke a token

Immediately invalidates a token. This cannot be undone.

Scope constants

The SDK exports typed scope constants: