> ## Documentation Index
> Fetch the complete documentation index at: https://developers.circle.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a user token

> Generate user session and SDK secret key.



## OpenAPI

````yaml openapi/user-controlled-wallets.yaml post /v1/w3s/users/token
openapi: 3.0.3
info:
  version: '1.0'
  title: User-Controlled Wallets
  description: User-Controlled Wallets API documentation.
servers:
  - url: https://api.circle.com
security:
  - BearerAuth: []
tags:
  - name: Social/ Email Authentication
  - name: PIN Authentication
  - name: Users
  - name: Wallets
  - name: Transactions
  - name: Token Lookup
  - name: Signing
paths:
  /v1/w3s/users/token:
    post:
      tags:
        - PIN Authentication
      summary: Create a user token
      description: Generate user session and SDK secret key.
      operationId: getUserToken
      parameters:
        - $ref: '#/components/parameters/XRequestId'
      requestBody:
        $ref: '#/components/requestBodies/UserToken'
      responses:
        '200':
          description: Successfully generated a user token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserTokenResponse'
          headers:
            X-Request-Id:
              $ref: '#/components/headers/XRequestId'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/NotAuthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - BearerAuth: []
components:
  parameters:
    XRequestId:
      name: X-Request-Id
      in: header
      description: >
        Developer-provided identifier for this request, used for tracing
        requests in Wallets API logs and the Developer Console, and when
        communicating with Circle Support.

        **Must be a UUID to appear in logs.** Non-UUID values are accepted by
        the API but are ignored by logging and tracing systems.
      schema:
        $ref: '#/components/schemas/XRequestId'
  requestBodies:
    UserToken:
      content:
        application/json:
          schema:
            title: UserTokenRequest
            type: object
            required:
              - userId
            properties:
              userId:
                $ref: '#/components/schemas/ExternalUserId'
      description: Request body
      required: true
  schemas:
    UserTokenResponse:
      title: UserTokenResponse
      type: object
      required:
        - data
      properties:
        data:
          type: object
          required:
            - userToken
          properties:
            userToken:
              $ref: '#/components/schemas/UserToken'
            encryptionKey:
              $ref: '#/components/schemas/EncryptionKey'
    XRequestId:
      type: string
      format: uuid
      description: >-
        A unique identifier, which can be helpful for identifying a request when
        communicating with Circle support.
      example: 2adba88e-9d63-44bc-b975-9b6ae3440dde
    ExternalUserId:
      type: string
      description: Unique system generated identifier for the user.
      example: ext_user_id_1
      maxLength: 50
      minLength: 5
    UserToken:
      type: string
      description: >-
        Unique system generated JWT session token. The token will expire after
        60 minutes.
      example: eyJhbGciOiJS...-F8EFYDYjAxIUw
    EncryptionKey:
      type: string
      description: Encryption key to use with the SDK for initiating user challenges.
      example: 7LcOsm4lUAK2Mg...+6fPjr58=
  headers:
    XRequestId:
      description: >
        Developer-provided header parameter or Circle-generated universally
        unique identifier (UUID v4). Useful for identifying a specific request
        when communicating with Circle Support.
      schema:
        $ref: '#/components/schemas/XRequestId'
  responses:
    BadRequest:
      content:
        application/json:
          schema:
            type: object
            title: BadRequestResponse
            required:
              - code
              - message
            properties:
              code:
                type: integer
                description: Code that corresponds to the error.
              message:
                type: string
                description: Message that describes the error.
            example:
              code: 400
              message: Bad request.
      description: Request cannot be processed due to a client error.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
    NotAuthorized:
      content:
        application/json:
          schema:
            type: object
            title: NotAuthorizedResponse
            required:
              - code
              - message
            properties:
              code:
                type: integer
                description: Code that corresponds to the error.
              message:
                type: string
                description: Message that describes the error.
            example:
              code: 401
              message: Malformed authorization.
      description: >-
        Request has not been applied because it lacks valid authentication
        credentials.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
    NotFound:
      content:
        application/json:
          schema:
            type: object
            title: NotFoundResponse
            required:
              - code
              - message
            properties:
              code:
                type: integer
                description: Code that corresponds to the error.
              message:
                type: string
                description: Message that describes the error.
            example:
              code: 404
              message: Not found.
      description: Specified resource was not found.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: PREFIX:ID:SECRET
      description: >-
        Circle's API Keys are formatted in the following structure
        "PREFIX:ID:SECRET". All three parts are required to make a successful
        request.

````