Import
import { createSessionToken } from '@keystoneos/node';
Usage
import { KeystoneClient } from '@keystoneos/sdk';
import { createSessionToken } from '@keystoneos/node';
const keystone = new KeystoneClient({
clientId: process.env.KEYSTONE_CLIENT_ID,
clientSecret: process.env.KEYSTONE_CLIENT_SECRET,
environment: 'production',
});
// In your API route handler
app.post('/api/keystone/session', async (req, res) => {
const session = await createSessionToken(keystone, {
scopes: ['settlements:read', 'settlements:write'],
metadata: { userId: req.user.id, email: req.user.email },
});
res.json({ token: session.sessionToken, expiresAt: session.expiresAt });
});
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
client | object | Yes | A configured KeystoneClient or compatible object. |
options | CreateSessionTokenOptions | Yes | Token configuration. |
CreateSessionTokenOptions
| Property | Type | Required | Default | Description |
|---|---|---|---|---|
scopes | string[] | Yes | - | Permissions for the token. |
expiresIn | number | No | 3600 | TTL in seconds (60 to 86400). |
settlementIds | string[] | No | - | Restrict to specific settlements. |
metadata | object | No | - | Audit trail context (user ID, email, etc.). |
Available Scopes
| Scope | Description |
|---|---|
settlements:read | List and view settlements. |
settlements:write | Create settlements, compliance decisions. |
templates:read | List and view templates. |
instructions:read | List and view instructions. |
instructions:write | Submit and cancel instructions. |
Return Type
interface SessionTokenResponse {
sessionToken: string; // The JWT to pass to KeystoneProvider
expiresAt: string; // ISO 8601 expiry timestamp
tokenId: string; // Token ID for revocation
}
Scoped Tokens
Restrict a token to specific settlement IDs for least-privilege access:const session = await createSessionToken(keystone, {
scopes: ['settlements:read'],
settlementIds: [settlementId],
metadata: { userId: req.user.id },
});