> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getdialed.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Mint a stream token

> Mints a short-lived (60s) HS256 token scoped to a single execution or job you own, for use with the SSE stream endpoints. A browser `EventSource` cannot send auth headers, so the token is passed via the `?token=` query parameter on the stream — see the [Stream executions guide](/guides/stream-executions). A missing or cross-tenant resource returns 404, never 403. Returns 503 when stream auth is not configured on the server.



## OpenAPI

````yaml /openapi.json post /auth/stream-token
openapi: 3.1.0
info:
  title: GetDialed Flows API
  version: 0.1.0
servers:
  - url: https://api.getdialed.ai/flows
    description: Production
  - url: http://localhost:8000
    description: Local development
security: []
paths:
  /auth/stream-token:
    post:
      tags:
        - auth
      summary: Mint a stream token
      description: >-
        Mints a short-lived (60s) HS256 token scoped to a single execution or
        job you own, for use with the SSE stream endpoints. A browser
        `EventSource` cannot send auth headers, so the token is passed via the
        `?token=` query parameter on the stream — see the [Stream executions
        guide](/guides/stream-executions). A missing or cross-tenant resource
        returns 404, never 403. Returns 503 when stream auth is not configured
        on the server.
      operationId: create_stream_token_auth_stream_token_post
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StreamTokenRequest'
        required: true
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StreamTokenResponse'
        '401':
          description: Missing or invalid authentication
          content:
            application/json:
              example:
                detail: Authentication required
        '404':
          description: >-
            Resource not found — also returned on cross-tenant access (never
            403)
          content:
            application/json:
              example:
                detail: Resource not found
        '422':
          description: Validation error (see body for field details)
          content:
            application/json:
              example:
                detail: Validation error
        '503':
          description: Stream auth not configured (stream_token_secret unset)
          content:
            application/json:
              example:
                detail: Stream auth not configured
      security:
        - APIKeyHeader: []
        - HTTPBearer: []
components:
  schemas:
    StreamTokenRequest:
      properties:
        resource_type:
          type: string
          enum:
            - execution
            - job
          title: Resource Type
        resource_id:
          type: string
          title: Resource Id
      type: object
      required:
        - resource_type
        - resource_id
      title: StreamTokenRequest
      description: V5-validated mint request — resource_type is a closed set.
      example:
        resource_id: exec_1a2b3c4d
        resource_type: execution
    StreamTokenResponse:
      properties:
        token:
          type: string
          title: Token
      type: object
      required:
        - token
      title: StreamTokenResponse
      example:
        token: eyJ...
  securitySchemes:
    APIKeyHeader:
      type: apiKey
      in: header
      name: X-API-Key
    HTTPBearer:
      type: http
      scheme: bearer
      bearerFormat: JWT

````