POST /{locale}/shop/ably/token

curl -X POST "https://staging-api.loyalty.lt/en/shop/ably/token" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "session_id": "550e8400-e29b-41d4-a716-446655440000"
  }'

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires": 1702234500,
    "channel": "qr-login:550e8400-e29b-41d4-a716-446655440000",
    "session_type": "login"
  }
}

Ably Token Generation

Generate secure Ably JWT tokens for subscribing to real-time events. Supports both QR Login and QR Card Scan session types.

Supported Session Types

| Session Type | Channel Format | Use Case |
| --- | --- | --- |
| login | qr-login:{session_id} | User authentication via QR code |
| card_scan | qr-card:{session_id} | Customer identification at POS |

Endpoint

POST /{locale}/shop/ably/token

Authentication

X-API-Key (string, required): API key from Partners Portal
X-API-Secret (string, required): API secret from Partners Portal

Request Body

session_id (string, required): The session ID (UUID) from either:
  • POST /shop/auth/qr-login/generate for QR Login
  • POST /shop/qr-card/generate for QR Card Scan
user_id (integer): Optional. User ID for extended permissions. When provided, grants access to user-{user_id} channel for shopping sessions.
shopping_session_id (string): Optional. Shopping session ID for extended permissions. When provided, grants access to session-{shopping_session_id} channel.

Response

success (boolean): Indicates if token was generated successfully
data (object)

Token Capabilities

The generated token grants the following Ably capabilities:

| Channel | Capabilities | Description |
| --- | --- | --- |
| Primary session channel | subscribe, publish, history, presence | QR session events |
| user-{user_id} (if provided) | subscribe, publish, history, presence | Shopping session events |
| session-{session_id} (if provided) | subscribe, publish, history, presence | Real-time session updates |
| session-* | subscribe, publish, history, presence | Create new shopping sessions |

Extended channels (user-*, session-*) are only included when user_id and/or shopping_session_id are provided in the request.

Error Codes

| Code | Description | HTTP Status |
| --- | --- | --- |
| AUTH_FORBIDDEN | Invalid or missing API credentials | 403 |
| RESOURCE_NOT_FOUND | Session not found or doesn’t belong to partner | 404 |
| RESOURCE_EXPIRED | Session has expired | 410 |
| INTERNAL_ERROR | Ably not configured or token generation failed | 500 |

Best Practices

  • Use SDK Method: Use sdk.createAblyClientOptions() for automatic token renewal.
  • Use Response Channel: Always use the channel from the response rather than constructing it manually.
  • Check Session Type: Use session_type to determine which events to subscribe to.
  • Error Handling: Handle 410 (expired) errors by generating a new QR session.

The JavaScript SDK’s createAblyClientOptions() method includes authCallback for automatic token renewal. You don’t need to manually refresh tokens.
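
The best practices above can be combined into one response check, shown here as an added example that is not part of the original page or the Loyalty.lt SDK. The function name `interpretTokenResponse`, the result codes not listed in the Error Codes table, and the reading of `expires` as Unix seconds are assumptions made for illustration.

```javascript
// Added example (hypothetical helper). Mappings come from this page's tables.
const CHANNEL_PREFIX = { login: 'qr-login:', card_scan: 'qr-card:' };
const ERROR_BY_STATUS = {
  403: 'AUTH_FORBIDDEN', 404: 'RESOURCE_NOT_FOUND',
  410: 'RESOURCE_EXPIRED', 500: 'INTERNAL_ERROR',
};

// Decide what the caller should do with a reply from POST /{locale}/shop/ably/token.
// Assumption: `expires` is Unix time in seconds, as the sample value suggests.
function interpretTokenResponse(status, body, sessionId, nowSec) {
  if (status < 200 || status >= 300) {
    const code = ERROR_BY_STATUS[status] || 'UNEXPECTED_STATUS';
    // 410 means the QR session is gone, so a new one has to be generated.
    return { action: status === 410 ? 'regenerate_qr_session' : 'fail', code };
  }
  const data = body && body.success === true ? body.data : null;
  if (!data || typeof data.token !== 'string' || typeof data.channel !== 'string') {
    return { action: 'fail', code: 'MALFORMED_RESPONSE' };
  }
  const prefix = CHANNEL_PREFIX[data.session_type];
  if (!prefix) return { action: 'fail', code: 'UNKNOWN_SESSION_TYPE' };
  // Subscribe to the channel from the response, but refuse one bound to another session.
  if (data.channel !== prefix + sessionId) {
    return { action: 'fail', code: 'CHANNEL_MISMATCH' };
  }
  if (!Number.isFinite(data.expires) || data.expires <= nowSec) {
    return { action: 'fail', code: 'TOKEN_ALREADY_EXPIRED' };
  }
  return { action: 'subscribe', channel: data.channel, sessionType: data.session_type,
           token: data.token, ttlSec: data.expires - nowSec };
}

// Constructed sample mirroring the response shown on this page (token is a placeholder).
const SAMPLE_SESSION = '550e8400-e29b-41d4-a716-446655440000';
const sampleBody = {
  success: true,
  data: {
    token: 'constructed.placeholder.token',
    expires: 1702234500,
    channel: 'qr-login:550e8400-e29b-41d4-a716-446655440000',
    session_type: 'login',
  },
};
console.log(interpretTokenResponse(200, sampleBody, SAMPLE_SESSION, 1702234200));
```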