Skip to main content
POST
/
api
/
v1
/
authentication
/
api-key
/
exchange-token
Python (SDK)
from mka1 import SDK


with SDK(
    bearer_auth="<YOUR_BEARER_TOKEN_HERE>",
) as sdk:

    res = sdk.auth.api_key.get_jwt_from_key(body={
        "audience": "https://my-awesome-website.com",
        "external_user_id": "the-user-id-in-your-system",
        "permissions": [
            "agent:create",
            "agent:read",
        ],
    })

    # Handle response
    print(res)
{
  "token": "the-jwt-token"
}

Documentation Index

Fetch the complete documentation index at: https://docs.mka1.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Gateway auth: send Authorization: Bearer <mka1-api-key>. For multi-user server-side integrations, you can also send X-On-Behalf-Of: <external-user-id>.

Headers

X-On-Behalf-Of
string

Optional external end-user identifier forwarded by the API gateway.

Body

application/json
audience
string<uri>
required

JWT audience (aud) claim for the exchanged token. Set this to the target API/service URL that should accept the token.

externalUserId
string
required

Your external user identifier to place in the JWT subject (sub) claim. Must be 1–150 printable-ASCII characters and not the wildcard *.

Required string length: 1 - 150
Pattern: ^[\x20-\x7E]+$
expiresIn
number
default:3600

Token lifetime in seconds. Must be between 300 (5 minutes) and 2592000 (30 days). Defaults to 3600 (1 hour).

Required range: 300 <= x <= 2592000
permissions
string[]

Optional subset of API key permissions to embed in the token. If omitted, all API key permissions are used.

Response

Successfully exchanged API key for a JWT token

token
string
required

Signed JWT exchange token to use when calling downstream services.