Skip to main content
The ApiTokenService handles the partner self-service token lifecycle: capability checks, token derivation, listing active tokens, and revocation.
Token derivation and capability queries require a Privy identity token. The SDK does not obtain this token for you — your application must authenticate the partner via Privy and pass the resulting token.

Access

The service is available on the root Client:

Get partner capabilities

Check whether token management is enabled and which scopes are allowed:

Derive a token

Create a new scoped API token. The secret is returned once — store it securely.

Create an HMAC-authenticated client

After deriving a token, create a new client with those HMAC credentials:
If scopes is omitted when deriving the token, the backend defaults it to ["trading"].

List active tokens

Returns all non-revoked tokens for the authenticated partner:

Revoke a token

Immediately invalidate a token:

Scope constants

The Rust SDK exports typed string constants: