# Exchange API key for tokens

Verify an ECDSA P-256 signature and issue JWT tokens. The client signs
the message  with their private key using ES256.
The timestamp must be within ±30 seconds of the server time.


Endpoint: POST /api-key/token
Version: 1.0.0

## Request fields (application/json):

  - `key_id` (string, required)
    The API key ID

  - `timestamp` (integer, required)
    Current Unix timestamp (must be within ±30s of server time)

  - `signature` (string, required)
    Base64url-encoded ECDSA P-256 signature of

## Response 200 fields (application/json):

  - `access_token` (string, required)
    JWT access token

  - `refresh_token` (string, required)
    JWT refresh token

  - `expires_in` (string, required)
    Access token expiration timestamp

  - `token_type` (string, required)
    Token type (always "Bearer")
    Example: "Bearer"

## Response 400 fields (application/json):

  - `message` (string, required)
    Error message

## Response 401 fields (application/json):

  - `message` (string, required)
    Error message

## Response 500 fields (application/json):

  - `message` (string, required)
    Error message