JWT Tokens
The token endpoint is used to exchange your API key for a JWT token that must be included in all subsequent API requests. Tokens are valid for 24 hours after issuance.
Get Token
Use this endpoint to generate a JWT token using your API key.
Request Body
| Name | Type | Description | Required |
|---|---|---|---|
| apiKey | string | API Key obtained from the Paper portal at app.paperinvest.io | Yes |
Request
POST
/v1/auth/tokencurl -X POST 'https://api.paperinvest.io/v1/auth/token' \
-H 'Content-Type: application/json' \
-d '{"apiKey": "YOUR_API_KEY"}'
Success Response
JSON
200 OK{
"createdAt": "2025-06-05T04:35:32.211Z",
"updatedAt": "2025-06-05T04:35:32.211Z",
"tokenId": "a01b7ed8-fc93-4c5e-af16-c4ed9256d5a0",
"hashedKey": "32b6bf9d9b64728491c15923602f128371fa8c285fff5cb81bf5ba8c55bd7397",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJoYXNoZWRLZXkiOiIzMmI2YmY5ZDliNjQ3Mjg0OTFjMTU5MjM2MDJmMTI4MzcxZmE4YzI4NWZmZjVjYjgxYmY1YmE4YzU1YmQ3Mzk3IiwiaWF0IjoxNzQ5MDk4MTMyLCJleHAiOjE3NDkxODQ1MzJ9.Zl6H_DUDU_0CZawBerf2TZOiXVMkaqK72BBMcTNQO8o"
}
Error Responses
Invalid API Key
JSON
401 Unauthorized{
"statusCode": 401,
"message": "Invalid API Key"
}
Using the Token
Once you have obtained a token, include it in the Authorization header of all subsequent API requests:
Authorization Header
HTTP
HeadersAuthorization: Bearer YOUR_JWT_TOKEN
Important Notes
- Tokens expire after 24 hours
- The
tokenfield contains your JWT token - this is what you'll use in the Authorization header - If you receive a 401 Unauthorized response during normal API usage, your token may have expired
- Generate API keys from the settings page at app.paperinvest.io