Generate Autograb SSO token
POST
/api/v1/autograb/tokens
const url = 'https://dashboard.dealerstudio.com.au/api/v1/autograb/tokens';const options = { method: 'POST', headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'}, body: '{"email":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://dashboard.dealerstudio.com.au/api/v1/autograb/tokens \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "email": "example" }'Called server-to-server by Autograb when a user clicks “Sign in with Autograb”. DS looks up the user by email, generates a short-lived opaque token, stores it in Redis with a 10-minute TTL, and returns a redirect_url for AG to send the user’s browser to. Requires the create:autograb_token permission.
Authorizations
Section titled “Authorizations ”Request Body
Section titled “Request Body ” Media type application/json
object
email
required
Email address of the Autograb user
string
Example generated
{ "email": "example"}Responses
Section titled “ Responses ”Token generated — redirect_url ready for browser redirect
Media type application/json
object
redirect_url
required
Full URL for AG to redirect the user’s browser to
string
expires_at
required
ISO8601 expiry timestamp
string format: date-time
Example generated
{ "redirect_url": "example", "expires_at": "2026-04-15T12:00:00Z"}Email param missing
Media type application/json
object
error
string
Example
{ "error": "email_required"}Unauthorized - invalid API key
Forbidden - missing create:autograb_token permission
No DS account for this email
Media type application/json
object
error
string
Example
{ "error": "no_ds_account"}