In scenarios where finer control over client authentication is required, IDWise offers a time-limited client token via the /v2/generate-client-token API.

The client token is short-lived and generated dynamically by your backend—granting you full control over when and how users can initiate verification.

What Is a Client Token?

The client token is a time-limited key that can be used in place of a regular client API key for starting journeys on the client side. It supports all SDK operations but expires automatically after the specified duration (Configured via the expires_in parameter in the API).

This mechanism resembles the OAuth flow, where your backend authorizes the frontend to act on behalf of the user for a short, controlled session.

When to Use It

Use the client token when:

• You want backend control over when a user can initiate a journey.
• You want to avoid storing permanent keys in frontend code (for better security).
• You need to bind the session to specific users, environments, or use cases.
• You want to prevent abuse or unsolicited client access.