> ## Documentation Index > Fetch the complete documentation index at: https://developer.rocket.chat/llms.txt > Use this file to discover all available pages before exploring further. # Create Users Token > As a workspace admin, you can create temporary authentication tokens for users. This is the same type of session authentication token a user gets via login and expires the same way. * To use this endpoint, you must set a secret with the `CREATE_TOKENS_FOR_USERS_SECRET` environment variable in your deployment configuration. This secret will be used to authorize all requests made to this endpoint. * For SaaS workspaces, contact support to set this variable. * Permission required: `user-generate-access-token` * The maximum number of login tokens per user is 50. See this GitHub PR for details. ### Changelog | Version | Description | | ---------------- | ------------| |8.0.0 | Added `CREATE_TOKENS_FOR_USERS_SECRET` environment variable to define a shared secret that will be used to authorize this endpoint.| |2.1.0 | Added ENV VAR to be able to use this endpoint (process.env.CREATE_TOKENS_FOR_USERS). | |0.56.0 | Added | ## OpenAPI ````json POST /api/v1/users.createToken { "openapi": "3.0.0", "info": { "version": "1.0.0", "title": "User Management" }, "servers": [ { "url": "https://apiexplorer.support.rocket.chat" } ], "tags": [ { "name": "LDAP" }, { "name": "Permissions" }, { "name": "Roles" }, { "name": "Users" } ], "paths": { "/api/v1/users.createToken": { "parameters": [], "post": { "tags": [ "Users" ], "summary": "Create Users Token", "description": "As a workspace admin, you can create temporary authentication tokens for users. This is the same type of session authentication token a user gets via login and expires the same way.\n* To use this endpoint, you must set a secret with the `CREATE_TOKENS_FOR_USERS_SECRET` environment variable in your deployment configuration. This secret will be used to authorize all requests made to this endpoint.\n* For SaaS workspaces, contact support to set this variable.\n* Permission required: `user-generate-access-token`\n* The maximum number of login tokens per user is 50. See this GitHub PR for details.\n \n### Changelog\n | Version | Description |\n | ---------------- | ------------|\n |8.0.0 | Added `CREATE_TOKENS_FOR_USERS_SECRET` environment variable to define a shared secret that will be used to authorize this endpoint.|\n |2.1.0 | Added ENV VAR to be able to use this endpoint (process.env.CREATE_TOKENS_FOR_USERS). |\n |0.56.0 | Added |", "operationId": "post-api-v1-users.createToken", "parameters": [ { "$ref": "#/components/parameters/Auth-Token" }, { "$ref": "#/components/parameters/UserId" } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "userId": { "type": "string", "description": "The ID of the user you want to generate a token for.", "example": "BsNr28znDkG8aeo7W" }, "secret": { "type": "string", "description": "The secret defined in the `CREATE_TOKENS_FOR_USERS_SECRET` environment variable. Without the valid secret, you can't access this endpoint.", "example": "pass123" } }, "required": [ "userId", "secret" ] }, "examples": { "Example": { "value": { "userId": "BsNr28znDkG8aeo7W", "secret": "pass123" } } } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "userId": { "type": "string" }, "authToken": { "type": "string" } } }, "success": { "type": "boolean" } } }, "examples": { "Success Example": { "value": { "data": { "userId": "BsNr28znDkG8aeo7W", "authToken": "2jdk99wuSjXPO201XlAks9sjDjAhSJmskAKW301mSuj9Sk" }, "success": "true" } } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "type": "object", "properties": { "success": { "type": "boolean" }, "error": { "type": "string" }, "errorType": { "type": "string" } } }, "examples": { "Invalid user": { "value": { "success": "false", "error": "The required \"userId\" or \"username\" param was not provided [error-user-param-not-provided]", "errorType": "error-user-param-not-provided" } }, "Invalid secret": { "value": { "success": "false", "error": "Not authorized [error-not-authorized]", "errorType": "error-not-authorized" } } } } } }, "401": { "$ref": "#/components/responses/authorizationError" } } } } }, "components": { "parameters": { "Auth-Token": { "name": "X-Auth-Token", "in": "header", "description": "The authenticated user token.", "required": "true", "schema": { "type": "string" }, "example": "RScctEHSmLGZGywfIhWyRpyofhKOiMoUIpimhvheU3f" }, "UserId": { "name": "X-User-Id", "in": "header", "description": "The authenticated user ID.", "required": "true", "schema": { "type": "string" }, "example": "rbAXPnMktTFbNpwtJ" } }, "responses": { "authorizationError": { "description": "Unauthorized", "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { "type": "string" }, "message": { "type": "string" } } }, "examples": { "Authorization Error": { "value": { "status": "error", "message": "You must be logged in to do this." } } } } } } } } } ````