> ## Documentation Index
> Fetch the complete documentation index at: https://docs.revdesk.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Mint a bounded client token

> Issues a short-lived, downscoped token (rdc_…) that is safe to ship into an untrusted client app. The token is restricted to the from_numbers (caller IDs) and to_numbers (destinations) you specify, so it can only place calls within those bounds — never from any number to any number. Present it on the same Authorization: Bearer header in place of your API key; the WebRTC SDK accepts it directly. The token's bounds must fall within this key's own number allowlist and its scopes; it is stateless and revoked by expiry. This endpoint requires a real API key — a minted token cannot mint further tokens.



## OpenAPI

````yaml /openapi.json post /v1/client-tokens
openapi: 3.1.0
info:
  title: RevDesk v1 API
  version: 1.0.0
  description: >-
    Programmatic access to the RevDesk voice platform — calls, numbers, caller
    trust, and brands.
  contact:
    name: RevDesk
    email: support@revdesk.com
servers:
  - url: https://api.revdesk.com
security:
  - bearerAuth: []
tags:
  - name: Phone Numbers
  - name: Caller IDs
  - name: Enterprise Registration
  - name: Branded Calling
  - name: Calls
  - name: SMS
  - name: WebRTC
  - name: Reputation
  - name: Usage
  - name: Account
  - name: Agents
  - name: Documents
  - name: Sub-entities
paths:
  /v1/client-tokens:
    post:
      tags:
        - WebRTC
      summary: Mint a bounded client token
      description: >-
        Issues a short-lived, downscoped token (rdc_…) that is safe to ship into
        an untrusted client app. The token is restricted to the from_numbers
        (caller IDs) and to_numbers (destinations) you specify, so it can only
        place calls within those bounds — never from any number to any number.
        Present it on the same Authorization: Bearer header in place of your API
        key; the WebRTC SDK accepts it directly. The token's bounds must fall
        within this key's own number allowlist and its scopes; it is stateless
        and revoked by expiry. This endpoint requires a real API key — a minted
        token cannot mint further tokens.
      operationId: v1_client_tokens_post
      parameters:
        - name: Idempotency-Key
          in: header
          required: false
          description: >-
            UUID — when present, deduplicates repeat submissions. See
            /api-reference/idempotency.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $schema: http://json-schema.org/draft-07/schema#
              type: object
              properties:
                from_numbers:
                  minItems: 1
                  maxItems: 50
                  type: array
                  items:
                    type: string
                    pattern: ^\+[1-9]\d{1,14}$
                to_numbers:
                  maxItems: 200
                  type: array
                  items:
                    type: string
                    pattern: ^\+[1-9]\d{1,14}$
                scopes:
                  type: array
                  items:
                    type: string
                    enum:
                      - account:read
                      - voice:read
                      - voice:write
                      - voice:webrtc
                      - calls:read
                      - calls:write
                      - agents:read
                      - agents:write
                      - phone_numbers:read
                      - phone_numbers:write
                      - sms:read
                      - sms:write
                      - caller_trust:read
                      - caller_trust:write
                      - brand:read
                      - brand:write
                      - sub_entities:read
                      - sub_entities:write
                      - usage:read
                      - tokens:mint
                ttl_seconds:
                  type: integer
                  minimum: 60
                  maximum: 3600
              required:
                - from_numbers
              additionalProperties: false
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $schema: http://json-schema.org/draft-07/schema#
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      token:
                        type: string
                      expires_in:
                        type: number
                      from_numbers:
                        type: array
                        items:
                          type: string
                      to_numbers:
                        type: array
                        items:
                          type: string
                      scopes:
                        type: array
                        items:
                          type: string
                    required:
                      - token
                      - expires_in
                      - from_numbers
                      - to_numbers
                      - scopes
                    additionalProperties: false
                required:
                  - data
                additionalProperties: false
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '404':
          description: Not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '409':
          description: Conflict (incl. idempotency conflicts)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '429':
          description: Rate limited
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
components:
  schemas:
    ErrorEnvelope:
      type: object
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
            message:
              type: string
            fields:
              type: object
              additionalProperties:
                type: string
            doc_url:
              type: string
              format: uri
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````