Create Override Token

curl -X POST http://localhost:8001/tokens/override \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
    "allowed_decisions": ["approve", "reject"],
    "reason": "High-risk data access flagged by scoring pipeline",
    "ttl_minutes": 5
  }'

{
  "token": "qt_override_eyJhbGciOiJFUzI1NiIs...",
  "jti": "f4a5b6c7-d8e9-0123-f012-456789012cde",
  "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
  "expires_at": "2026-03-01T00:05:00Z"
}

POST

http://localhost:8001

tokens

override

curl -X POST http://localhost:8001/tokens/override \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
    "allowed_decisions": ["approve", "reject"],
    "reason": "High-risk data access flagged by scoring pipeline",
    "ttl_minutes": 5
  }'

{
  "token": "qt_override_eyJhbGciOiJFUzI1NiIs...",
  "jti": "f4a5b6c7-d8e9-0123-f012-456789012cde",
  "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
  "expires_at": "2026-03-01T00:05:00Z"
}

The auth service is deployed on a private network. All endpoints except /health are internal management-plane operations.

Request Body

customer_id

string

required

UUID of the customer.

event_id

string

required

UUID of the event that was flagged for manual review.

allowed_decisions

string[]

default:"[\"approve\", \"reject\"]"

Permitted decisions for this override. Defaults to both approve and reject.

reason

string

Reason for creating the override token (e.g., High-risk data access flagged by scoring pipeline).

ttl_minutes

integer

Time-to-live in minutes. Defaults to 5.

Response

token

string

The override token string, prefixed with qt_override_. This is an ES256-signed JWT.

jti

string

Unique token identifier. Used as the override_jti parameter when submitting a decision.

event_id

string

The event identifier echoed back.

expires_at

datetime

ISO 8601 expiration timestamp.

curl -X POST http://localhost:8001/tokens/override \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
    "allowed_decisions": ["approve", "reject"],
    "reason": "High-risk data access flagged by scoring pipeline",
    "ttl_minutes": 5
  }'

{
  "token": "qt_override_eyJhbGciOiJFUzI1NiIs...",
  "jti": "f4a5b6c7-d8e9-0123-f012-456789012cde",
  "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
  "expires_at": "2026-03-01T00:05:00Z"
}

Create Session Token Generate Signing Key

⌘I

Auth Service

Auth Endpoints — Tokens

Auth Endpoints — Keys

Auth Endpoints — Revocation

Auth Endpoints — Webhooks & Overrides

Create Override Token

Request Body

Response

Auth Service

Auth Endpoints — Tokens

Auth Endpoints — Keys

Auth Endpoints — Revocation

Auth Endpoints — Webhooks & Overrides

​Request Body

​Response

Request Body

Response