ApiTokenService handles the partner self-service token lifecycle: capability checks, token derivation, listing active tokens, and revocation.
Token derivation and capability queries require a Privy identity token. The SDK does not obtain this token for you — your application must authenticate the partner via Privy and pass the resulting token.
Access
The service is available on the rootClient:
Get partner capabilities
Check whether token management is enabled and which scopes are allowed:Derive a token
Create a new scoped API token. Thesecret is returned once — store it securely.
Create an HMAC-authenticated client
After deriving a token, create a new client with those HMAC credentials:scopes is omitted when deriving the token, the backend defaults it to ["trading"].