Onboarding Token

The Onboarding Token API endpoint generates a time-bound onboarding token used to invite a data subject (end user) to establish a trusted connection with a Relying Party for the purpose of sharing digital identity data.

The onboarding token enables the initial connection between the data subject (end user) and the Relying Party. However, explicit consent must be granted by the data subject within the SQR mobile application before any identity data is disclosed.

The onboarding token itself does not represent consent; it functions solely as a secure mechanism to initiate the onboarding process and provide a controlled channel through which consent can later be expressed.

  • HTTP method: POST
  • Path: /v1/onboarding-token
  • Requires a valid OAuth 2.0 bearer token with the appropriate scope

Walkthrough

When a Relying Party (RP) wishes to onboard a new data subject (end user) into the SQR ecosystem, it must first issue an onboarding token via this endpoint.

To issue an onboarding token, a POST request is sent to the endpoint with the following data subject identifiers as a JSON payload in the request body.

  • email (data subject email address)
  • first_name (first name of data subject)
  • last_name (last name of data subject)

All identifiers are mandatory.

Example JSON payload
{
  "email": "john@example.com",
  "first_name": "John",
  "last_name": "Smith"
}

Upon successful creation, the response body returns the generated onboarding token.

Example response payload
{
  "onboarding_token": "SNF......"
}

The resultant onboarding token is automatically communicated via email to the data subject using the email address specified within the original request.

Authentication

The Onboarding Token API endpoint requires OAuth 2.0 authentication.

Every request must include a valid access token obtained from the OAuth Token endpoint using the client credentials grant flow.

Each request must include an Authorization header as shown below.

Authorization: Bearer <access_token>

Example

An example request in full including authentication.

Request
POST /v1/onboarding-token
Host: api.sqr-group.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6...
Content-Type: application/json

{
  "email": "john@example.com",
  "first_name": "John",
  "last_name": "Smith"
}

Response Body

Excluding headers

{
  "onboarding_token": "TO1xx......"
}
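
The request described in the walkthrough, built and checked client-side in Python before it leaves the Relying Party. This is an added example, not SQR's own code: the https scheme, the function names and the sample token values are assumptions, and nothing is sent over the network.

```python
import json
import urllib.request

# Host and path are from the page; the https scheme is an assumption.
ENDPOINT = "https://api.sqr-group.com/v1/onboarding-token"
REQUIRED = ("email", "first_name", "last_name")


def build_onboarding_request(access_token, subject):
    """Return an unsent urllib Request for POST /v1/onboarding-token."""
    # All three identifiers are mandatory: fail locally rather than send
    # a partial record about the data subject.
    missing = [k for k in REQUIRED
               if not isinstance(subject.get(k), str) or not subject[k].strip()]
    if missing:
        raise ValueError("missing mandatory identifiers: " + ", ".join(missing))
    # A bearer token contains no whitespace; rejecting it keeps CR/LF
    # out of the Authorization header.
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")
    # Send only the documented fields, dropping anything else passed in.
    body = json.dumps({k: subject[k].strip() for k in REQUIRED}).encode("utf-8")
    return urllib.request.Request(
        ENDPOINT, data=body, method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"},
    )


def parse_onboarding_response(raw):
    """Extract onboarding_token from the JSON response body."""
    token = json.loads(raw).get("onboarding_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no onboarding_token")
    return token


def redact(token, keep=3):
    """Shorten a token for log output so the full value is never written."""
    return token[:keep] + "..." if len(token) > keep else "..."


if __name__ == "__main__":
    # Constructed sample values.
    subject = {"email": "john@example.com", "first_name": "John", "last_name": "Smith"}
    req = build_onboarding_request("constructed-access-token", subject)
    print(req.get_method(), req.full_url, json.loads(req.data))
    print(redact(parse_onboarding_response('{"onboarding_token": "constructed-value"}')))
```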