# Create authentication token (Simplified)

Universal token creation with a consistent token-in-body pattern.

USER AUTHENTICATION:
- Header: X-API-Key (tenant identification)
- Body: { authToken: "jwt_from_provider", authType?: "user" }
- Returns: User session with PERS JWT tokens

ADMIN AUTHENTICATION:
- Header: X-API-Key (tenant identification)
- Body: { authToken: "firebase_jwt", authType: "tenant" }
- Returns: Admin session with PERS JWT tokens

All authentication now uses the consistent API key + token-in-body pattern.

Endpoint: POST /auth/token

Version: 2.0.5

Security: projectKey

## Request fields (application/json):

- `authToken` (string, required)
  Authentication token from WebAuthn provider (e.g., PERS Signer API)
  Example: "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9..."

- `authType` (string)
  Authentication context type - explicitly declares intent for admin vs user auth
  Enum: "user", "business", "tenant", "system", "external"

## Response 200 fields (application/json):

- `accessToken` (string, required)
  JWT access token. This token is used to authenticate the user. By default it expires in 15 minutes, and it should be sent in the Authorization header as a Bearer token.

- `refreshToken` (string, required)
  JWT refresh token. This token is used to get a new access token when the current one expires. It is valid for 1 day.

## Response 400 fields

## Response 401 fields
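
## Example: building the request and handling the returned tokens

The following is an added example, not code from the PERS project: it builds the `POST /auth/token` request with the API key in the header and the provider JWT in the body, checks the two required response fields, and refuses to send an access token that is at or near expiry. Assumptions: `BASE_URL` is a placeholder (the page gives no host), the function names are hypothetical, the access token is assumed to carry a standard `exp` claim, and `SAMPLE_ACCESS` is a constructed, unsigned string.

```python
import base64
import json
import time
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: the page gives no host
AUTH_TYPES = {"user", "business", "tenant", "system", "external"}  # enum from the page
# Constructed sample: unsigned JWT-shaped string with exp=1700000900 (not a real PERS token)
SAMPLE_ACCESS = "e30." + base64.urlsafe_b64encode(b'{"exp":1700000900}').decode().rstrip("=") + ".sig"


def build_token_request(api_key, auth_token, auth_type=None):
    """Build (not send) POST /auth/token: API key in header, provider JWT in body."""
    if auth_type is not None and auth_type not in AUTH_TYPES:
        raise ValueError(f"unsupported authType: {auth_type!r}")
    body = {"authToken": auth_token}
    if auth_type is not None:  # optional for user auth, "tenant" for admin auth
        body["authType"] = auth_type
    return urllib.request.Request(
        BASE_URL + "/auth/token",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"},
    )


def jwt_exp(token):
    """Read the `exp` claim WITHOUT verifying the signature (scheduling hint only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


def parse_token_response(raw):
    """Check the two required 200 fields and return them with the access expiry."""
    data = json.loads(raw)
    missing = {"accessToken", "refreshToken"} - data.keys()
    if missing:
        raise ValueError(f"response missing required fields: {sorted(missing)}")
    return {**data, "accessExp": jwt_exp(data["accessToken"])}


def bearer_header(session, now=None, skew=30):
    """Authorization header for API calls; refuse a token at or near expiry."""
    now = time.time() if now is None else now
    if now >= session["accessExp"] - skew:
        raise RuntimeError("access token expired; obtain a new one with the refresh token")
    return {"Authorization": "Bearer " + session["accessToken"]}
```

Reading `exp` on the client only decides when to refresh; the server remains the authority on whether a token is valid. Keep the `X-API-Key` value and both tokens out of logs and URLs.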