Request a Short-Lived Token

  • Updated on Sep 15, 2025
  • Published on Sep 3, 2025
  • 1 minute(s) read
Prev Next

After creating an end user, the next step is for your client to request a short-lived token from your server.

This token is what allows your front-end to securely communicate with MindCloud on behalf of that end user. Tokens are temporary and must be refreshed when they expire — the SDK provides helpers to easily check the expiration.

  1. Get a Short-Lived Token

From your server, make a request to MindCloud’s API for a token. Authenticate using your API Key. 

curl -X GET "https://embedded.mindcloud.co/v1/users/<End User ID>/token" \
  -H "Authorization: Bearer <API Key>" \
  -H "Content-Type: application/json"

# → { token: "eyJhbGciOi..." }

Full API Docs

  1. Set the Token in the Client SDK

After receiving the token, pass it to your client and set it in the SDK.

const mindCloud = window.MindCloud();
mindCloud.setToken(token); // as returned from the GET token request

You can now use all methods of the client SDK to talk to MindCloud, authenticated as that end user.

Full Client SDK Docs

  1. Manage Token Expiration

Your token will expire every 10 minutes. It is your responsibility to manage this and refresh the client’s token as needed. This involves:

  1. Checking when your token will expire,

  2. Requesting and setting a new token only when expiry is soon.

The SDK provides two utility methods:

  • mindCloud.getTokenExpiration() → Returns a Date object with the token’s expiration, or null if there is no token

  • mindCloud.setToken(token) → Stores the token inside the SDK for future calls.

const expiresIn = mindCloud.getTokenExpiration();
if (!expiresIn || (expiresIn.getTime() - Date.now()) < 60 * 1000) {
  const { token } = await fetchUserToken(userId); // get a refreshed token from your backend
  mindCloud.setToken(token);
}

Next: