# Create public access token Creates a public access token for SDK authentication. This endpoint must be called from your secure backend server using your merchant credentials. The returned access token can be safely used in client-side applications to authenticate with the ChicksX SDK. Security: Never expose your merchant-api-key or merchant-client-id in client-side code. Endpoint: POST /public_token/create Version: 1.0.0 Security: MerchantAuth ## Header parameters: - `merchant-client-id` (string, required) Your merchant client identifier (must be kept secure) ## Request fields (application/json): - `scope` (array) Array of permission scopes for the token Example: ["wallet.read","merchant.read"] - `sessionId` (string) Optional session identifier for tracking Example: "session-123abc" ## Response 201 fields (application/json): - `code` (string) Result code indicating the operation status Example: "OK" - `data` (object) Response data payload - `data.accessToken` (string) JWT access token for SDK authentication Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." - `data.tokenType` (string) Token type Example: "Bearer" - `data.expiresIn` (integer) Token lifetime in seconds Example: 3600 - `data.expiresAt` (integer) Unix timestamp when token expires Example: 1696531200 - `data.scope` (array) Granted permission scopes Example: ["wallet.read","merchant.read"] - `data.jti` (string) Unique token identifier (JWT ID) Example: "f47ac10b-58cc-4372-a567-0e02b2c3d479" - `message` (string) Human-readable response message Example: "Operation completed successfully" ## Response 400 fields (application/json): - `code` (string) Error code Example: "INVALID_INPUT" - `message` (string) Error message Example: "Invalid JSON in request body" ## Response 401 fields (application/json): - `code` (string) Error code Example: "INVALID_INPUT" - `message` (string) Error message Example: "Invalid JSON in request body" ## Response 500 fields (application/json): - `code` (string) Error code Example: "INVALID_INPUT" - `message` (string) Error message Example: "Invalid JSON in request body"