Mint an end-user session token

curl --request POST \
  --url https://api.neoagent.io/public-api/sessions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "session_id": "<string>",
  "allowed_agent_ids": [],
  "client_id": "<string>",
  "end_company_id": "<string>",
  "end_user": "<string>",
  "end_user_email": "<string>",
  "ttl_seconds": 123
}
'

{
  "data": {
    "expires_at": "2023-11-07T05:31:56Z",
    "jti": "<string>",
    "session_id": "<string>",
    "token": "<string>"
  },
  "meta": {
    "request_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "timings_ms": {},
    "pagination": {
      "has_more": true,
      "next_cursor": "<string>"
    },
    "warnings": [
      "<string>"
    ]
  }
}

Chat

Mint an end-user session token

Mints a short-lived JWT bound to one chat session_id. The Teams relay (or any future end-user-facing channel) attaches it as Authorization: Bearer <token> on subsequent /chat/sessions/<session_id>/* calls. Only service-account or dashboard callers can mint; the resulting token cannot mint or revoke.

A platform service account may pass client_id to mint for another tenant, but only when session_id is that tenant’s Neo Support session (otherwise 403); any non-platform caller passing client_id is rejected with 403.

When the session is scoped to an end-company (white-label sessions are, at create), the minted end_company_id claim is taken from the session itself — a caller-supplied value never widens or changes the session’s scope.

POST

public-api

sessions

Mint an end-user session token

curl --request POST \
  --url https://api.neoagent.io/public-api/sessions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "session_id": "<string>",
  "allowed_agent_ids": [],
  "client_id": "<string>",
  "end_company_id": "<string>",
  "end_user": "<string>",
  "end_user_email": "<string>",
  "ttl_seconds": 123
}
'

{
  "data": {
    "expires_at": "2023-11-07T05:31:56Z",
    "jti": "<string>",
    "session_id": "<string>",
    "token": "<string>"
  },
  "meta": {
    "request_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "timings_ms": {},
    "pagination": {
      "has_more": true,
      "next_cursor": "<string>"
    },
    "warnings": [
      "<string>"
    ]
  }
}

Authorizations

Authorization

string

header

required

Authorization: Bearer <token> where <token> is either a neo_sk_<env>_<secret> API key (service account) or a Microsoft Entra ID access token (dashboard user).

Body

application/json

session_id

string

required

allowed_agent_ids

integer[]

client_id

string | null

Target tenant to mint the token for. Honored only for a platform service account, and only when session_id is that tenant's Neo Support session (otherwise 403); any other caller passing it gets 403. Omit to mint for the caller's own tenant.

end_company_id

string | null

end_user

string | null

end_user_email

string | null

ttl_seconds

integer | null

Response

Success.

data

MintSessionTokenResponse · object

required

Show child attributes