curl --request POST \
  --url https://app.tagadapay.com/api/public/v1/builder/sessions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "pluginId": "plg_abc123",
  "deploymentId": "dep_xyz789"
}
'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresAt": "2024-01-15T14:30:00.000Z",
  "accountId": "acc_abc123",
  "pluginId": "plg_abc123",
  "deploymentId": "dep_xyz789"
}

builder

Create builder session token

Generate a short-lived JWT token for external builder authentication.

Use Case: When CRM redirects a user to an external page builder, it generates a session token that the builder uses for API calls. This avoids exposing API keys to client-side code.

Token Scoping: Optionally scope the token to specific resources (plugin, deployment, store). If scoped, the token can only access those specific resources.

Expiration: Default is 2 hours. Configurable via expiresIn parameter.

POST

api

public

builder

sessions

curl --request POST \
  --url https://app.tagadapay.com/api/public/v1/builder/sessions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "pluginId": "plg_abc123",
  "deploymentId": "dep_xyz789"
}
'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresAt": "2024-01-15T14:30:00.000Z",
  "accountId": "acc_abc123",
  "pluginId": "plg_abc123",
  "deploymentId": "dep_xyz789"
}

Authorizations

Authorization

string

header

required

Enter your API key as: Bearer your-api-key

Body

application/json

storeId

string

pluginId

string

deploymentId

string

permissions

enum<string>[]

Available options:

read:source,

write:deploy,

read:manifest,

write:manifest

expiresIn

string

metadata

object

Show child attributes

Response

Successful response

Test authentication Validate builder session token

Documentation Index

Authorizations

Body

Response