SDK API - Issuance of SDK Short-lived Token #
1. API Overview #
Purpose #
Securely invoke APIs within the EBP SDK environment without exposing the ebp-signature or access key. A security token must be obtained first by calling this API, and the acquired token should be included in the X-SDK-Token HTTP request header for subsequent API calls.
Details #
| Item | Value |
|---|---|
| API Name | Issuance of SDK Short-lived Token |
| API Path | /api/v2/sdk/token |
| HTTP Method | POST |
| Region | Global |
The issued short-lived token is valid only for a predefined duration from its time of creation. Once expired, it cannot be used.
Store front-end applications must not call this API directly. To maintain security and prevent exposure of signatures, tokens must be securely issued through the Store back-end and then passed to the EBP SDK.
2. Request Specifications #
2.1 Request Headers #
For detailed header information, please refer to the Common Headers documentation.
2.2 Request Data Schema #
This API does not require a request body.
2.3 Request Example #
POST /api/v2/sdk/token HTTP/1.1
Host: devkic-payapi.nebp.lge.com
Content-Length: 0
3. Response Specifications #
3.1 Response Data Schema #
| depth | Field | Details & Description |
|---|---|---|
| 0 | token | 🔴 Required
A short-lived secure token string, safely packed (Base64 Url Safe encoded) using the AES-128 encryption algorithm. |
3.2 Response Example #
{
"resultCode": "0",
"message": "SUCCESS",
"requestId": "06F4W5V4F1DB47BH58VVMD95VC",
"timestamp": "2026-05-29T07:05:54.000Z",
"data": {
"token": "eyJhbGciOiJ-MTI[Encrypted Short-lived Secure Token]"
}
}
4. Applicable SDK APIs #
A list of APIs for direct invocation by the EBP SDK that mandatorily require this short-lived secure token (X-SDK-Token).
| API Name | HTTP Method | API Path |
|---|---|---|
| Billing Capacity API | GET | /api/v2/sdk/payments/capacity |