# SDK API - Issuance of SDK Short-lived Token ## 1. API Overview ### Purpose [context] Securely invoke APIs within the EBP SDK environment without exposing the `ebp-signature` or `access key`. A security token must be obtained first by calling this API, and the acquired token should be included in the `X-SDK-Token` HTTP request header for subsequent API calls. [/context] ### Details [table:key-value] | Item | Value | | :-------------- | :-------------------- | | **API Name** | Issuance of SDK Short-lived Token | | **API Path** | /api/v2/sdk/token | | **HTTP Method** | [badge:POST,blue,lg] | | **Region** | [badge:Global,green-subtle,lg] | [/table] > The issued short-lived token is valid only for a predefined duration from its time of creation. Once expired, it cannot be used. > Store front-end applications must not call this API directly. To maintain security and prevent exposure of signatures, tokens must be securely issued through the Store back-end and then passed to the EBP SDK. --- ## 2. Request Specifications ### 2.1 Request Headers @@include:common-headers-link.md@@ ### 2.2 Request Data Schema This API does not require a request body. ### 2.3 Request Example ```http POST /api/v2/sdk/token HTTP/1.1 Host: devkic-payapi.nebp.lge.com Content-Length: 0 ``` --- ## 3. Response Specifications ### 3.1 Response Data Schema | depth | Field | Details & Description | |:------|:----------------------|:----------------------------------------------------------------------------------------------------| | 0 | token | [req:Yes][type:string] [desc:A short-lived secure token string, safely packed (Base64 Url Safe encoded) using the AES-128 encryption algorithm.] | ### 3.2 Response Example ```json { "resultCode": "0", "message": "SUCCESS", "requestId": "06F4W5V4F1DB47BH58VVMD95VC", "timestamp": "2026-05-29T07:05:54.000Z", "data": { "token": "eyJhbGciOiJ-MTI[Encrypted Short-lived Secure Token]" } } ``` --- ## 4. Applicable SDK APIs A list of APIs for direct invocation by the EBP SDK that mandatorily require this short-lived secure token (`X-SDK-Token`). | API Name | HTTP Method | API Path | | :--- | :--- | :--- | | **Billing Capacity API** | [badge:GET,blue,lg] | /api/v2/sdk/payments/capacity |