POST /v1/token-exchange— simplified, intended for most applicationsPOST /v1/token/exchange— full RFC 8693 exchange for multi-hop chains
POST /v1/token-exchange
The simplified delegation endpoint. Builds SPIFFE IDs from raw identifiers using the authenticated company’s context and issues a signed delegation JWT.
Use this when you want to record “agent X acted on behalf of company Y” without constructing JWT-SVIDs manually.
Request body
Response 201
Error responses
Example
POST /v1/token/exchange
Full RFC 8693 §2 token exchange. Takes two pre-issued JWT-SVIDs and produces a delegation token encoding the full sub/act chain. Both tokens must have been issued by the authenticated company’s key pair.
Use this when building multi-hop delegation chains where each level of the hierarchy needs to be represented in the token.