# Authorization ## Create or renew a test API key (Sandbox only) > Public endpoint available only in non-production environments (Sandbox) \ > to create or renew a test API key for a client identified by phone.\ > \ > Requirements:\ > \- The phone number must be registered in the Client Portal (EBC): > \- UA key generation is currently not supported\ > \ > Behavior:\ > \- If a key already exists and is Active, a repeated call within the same day \ > will return the same key\ > \- If expired, the key will be reactivated with a new expiration date\ > \- If deleted by cleanup, a new key will be created\ > \- Only one active key is allowed per phone, limited to one request per day\ > \ > Next step:\ > After receiving the apiKey, you must generate a temporary JWT by calling \ > \[GET /clients/authorization]\(). The JWT is required for all authorized requests. \ > Paste the jwt into the \*\*\[Authorize]\(\* dialog under the \`JWT\` scheme \ > in this documentation to enable Try-it-out.\
\ > \ > šŸ”¹\*\*Description of control elements:\*\*\ > \ > \*\*SCHEMA\*\*\
\ > Displays the full technical structure of the request or response, including field names, data types, required fields, allowed values, and validation rules.\ > \- \*\*Single line description\*\*\
\ > A description that fits into a single line; any text that does not fit remains hidden.\ > \- \*\*Multiline description\*\*\
\ > An expanded description that displays more than one line of text.\ > \ > \*\*EXAMPLE\*\*\
\ > Shows a ready-made sample JSON with correctly formatted values to demonstrate how a valid request or response should look.
```json {"openapi":"3.0.0","info":{"title":"API Nova Post","version":"1.0.0"},"tags":[{"name":"Authorization"}],"servers":[{"description":"sandbox","url":"https://api-stage.novapost.pl/v.1.0/"},{"description":"production","url":"https://api.novapost.com/v.1.0/"}],"security":[],"paths":{"/test-api-keys":{"post":{"tags":["Authorization"],"summary":"Create or renew a test API key (Sandbox only)","description":"Public endpoint available only in non-production environments (Sandbox) \nto create or renew a test API key for a client identified by phone.\n\nRequirements:\n- The phone number must be registered in the Client Portal (EBC): https://my.novapost.com/\n- UA key generation is currently not supported\n\nBehavior:\n- If a key already exists and is Active, a repeated call within the same day \n will return the same key\n- If expired, the key will be reactivated with a new expiration date\n- If deleted by cleanup, a new key will be created\n- Only one active key is allowed per phone, limited to one request per day\n\nNext step:\nAfter receiving the apiKey, you must generate a temporary JWT by calling \n[GET /clients/authorization](https://api-portal.novapost.com/novaposhta-docs/integration-guide/how-to-generate-a-jwt-token). The JWT is required for all authorized requests. \nPaste the jwt into the **[Authorize](https://api.novapost.com/developers/index.html#auth)** dialog under the `JWT` scheme \nin this documentation to enable Try-it-out.
\n\nšŸ”¹**Description of control elements:**\n\n**SCHEMA**
\nDisplays the full technical structure of the request or response, including field names, data types, required fields, allowed values, and validation rules.\n- **Single line description**
\n A description that fits into a single line; any text that does not fit remains hidden.\n- **Multiline description**
\n An expanded description that displays more than one line of text.\n\n**EXAMPLE**
\nShows a ready-made sample JSON with correctly formatted values to demonstrate how a valid request or response should look.\n","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","additionalProperties":false,"required":["phone"],"properties":{"phone":{"type":"string","description":"Phone number registered in EBC. Format like 49XXXXXXXXX (no '+'). UA keys generation is currently not supported."}}}}}},"responses":{"200":{"description":"Test API key created or returned","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TestApiKeyResponse"}}}},"400":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Client not found in EBC","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"409":{"description":"Multiple matching clients found in EBC","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Daily limit exceeded for this user (one request per day)","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"503":{"$ref":"#/components/responses/Time-out"}}}}},"components":{"schemas":{"TestApiKeyResponse":{"type":"object","additionalProperties":false,"required":["apiKey","createdAt","expDate","status"],"properties":{"apiKey":{"type":"string","description":"Test API key for Stage usage only."},"createdAt":{"type":"string","format":"date-time"},"expDate":{"type":"string","format":"date-time"},"status":{"type":"string","enum":["Active","Expired"]}}},"ErrorResponse":{"type":"object","additionalProperties":false,"required":["success","errors"],"properties":{"success":{"type":"boolean"},"errors":{"type":"array","items":{"type":"string"}}}},"Error":{"type":"object","properties":{"errors":{"type":"object","properties":{"":{"type":"string"}}}}}},"responses":{"Time-out":{"description":"Connection time-out","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}} ``` ## Generate a temporary JWT-token > Issues a temporary JWT-token for making authorized API requests. \ > A valid apiKey must be provided as a query parameter.\ > \ > How to obtain an apiKey:\ > \- In Sandbox, use POST \`/test-api-keys\` with a registered phone number \ > from the Client Portal (EBC): > \- In PROD, use your personal apiKey provided by your manager\ > \ > Usage:\ > \- Call GET \`/clients/authorization?apiKey={apiKey}\`\ > \- On success, copy the jwt from the response\ > \- Open the \*\*\[Authorize]\(\* dialog in this documentation, select the \`JWT\` scheme, \ > and paste the jwt\ > \- All Try-it-out requests will then automatically include \ > \`Authorization: {jwt}\`\ > \ > Notes:\ > \- The jwt is valid for \~1 hour; request a new one after expiry\ > \- Do not store jwt beyond its TTL\ > \- The \`/test-api-keys\` route is not available in PROD\
\ > \ > šŸ”¹\*\*Description of control elements:\*\*\ > \ > \*\*SCHEMA\*\*\
\ > Displays the full technical structure of the request or response, including field names, data types, required fields, allowed values, and validation rules.\ > \- \*\*Single line description\*\*\
\ > A description that fits into a single line; any text that does not fit remains hidden.\ > \- \*\*Multiline description\*\*\
\ > An expanded description that displays more than one line of text.\ > \ > \*\*EXAMPLE\*\*\
\ > Shows a ready-made sample JSON with correctly formatted values to demonstrate how a valid request or response should look.
```json {"openapi":"3.0.0","info":{"version":"1.0.0"},"tags":[],"servers":[{"description":"sandbox","url":"https://api-stage.novapost.pl/v.1.0/"},{"description":"production","url":"https://api.novapost.com/v.1.0/"}],"paths":{"/clients/authorization":{"get":{"tags":["Authorization"],"summary":"Generate a temporary JWT-token","description":"Issues a temporary JWT-token for making authorized API requests. \nA valid apiKey must be provided as a query parameter.\n\nHow to obtain an apiKey:\n- In Sandbox, use POST `/test-api-keys` with a registered phone number \n from the Client Portal (EBC): https://my.novapost.com/\n- In PROD, use your personal apiKey provided by your manager\n\nUsage:\n- Call GET `/clients/authorization?apiKey={apiKey}`\n- On success, copy the jwt from the response\n- Open the **[Authorize](https://api.novapost.com/developers/index.html#auth)** dialog in this documentation, select the `JWT` scheme, \n and paste the jwt\n- All Try-it-out requests will then automatically include \n `Authorization: {jwt}`\n\nNotes:\n- The jwt is valid for ~1 hour; request a new one after expiry\n- Do not store jwt beyond its TTL\n- The `/test-api-keys` route is not available in PROD
\n\nšŸ”¹**Description of control elements:**\n\n**SCHEMA**
\nDisplays the full technical structure of the request or response, including field names, data types, required fields, allowed values, and validation rules.\n- **Single line description**
\n A description that fits into a single line; any text that does not fit remains hidden.\n- **Multiline description**
\n An expanded description that displays more than one line of text.\n\n**EXAMPLE**
\nShows a ready-made sample JSON with correctly formatted values to demonstrate how a valid request or response should look.\n","parameters":[{"in":"query","required":true,"name":"apiKey","schema":{"type":"string"},"description":"To utilize this method, a personal API key is required."}],"responses":{"200":{"description":"JWT-token","content":{"application/json":{"schema":{"type":"object","properties":{"jwt":{"type":"string","description":"Personal JWT-token, expires after one hour to prevent any fraud, requiring a new request to generate a fresh token.","format":"json"}}}}}},"401":{"$ref":"#/components/responses/Unauthorized"},"422":{"$ref":"#/components/responses/Validation"},"503":{"$ref":"#/components/responses/Time-out"}}}}},"components":{"responses":{"Unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Validation":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Time-out":{"description":"Connection time-out","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"schemas":{"Error":{"type":"object","properties":{"errors":{"type":"object","properties":{"":{"type":"string"}}}}}}}} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://api-portal.novapost.com/metodi-1/methods/authorization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.