Skip to main content
GET
/
api
/
auth
/
media
/
customer
Get Media Token
curl --request GET \
  --url https://spaces.nexudus.com/api/auth/media/customer \
  --header 'Authorization: Basic <encoded-value>'
{
  "jwt": "<string>",
  "401 Unauthorized": {}
}

Documentation Index

Fetch the complete documentation index at: https://learn.nexudus.com/llms.txt

Use this file to discover all available pages before exploring further.

Get Media Token

Issues a short-lived JWT scoped to the authenticated customer that can be appended to media URLs (as the t query parameter) to access protected files — such as invoice PDFs, uploaded documents, and other customer-specific media stored by Nexudus.
This token is distinct from the bearer token used for API calls. It is a lightweight media-access credential with a short expiry and must be refreshed before downloading files in long-lived sessions.

Authentication

Requires a valid customer bearer token in the Authorization header.

Request

No request body or query parameters are required. 
GET /api/auth/media/customer
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

Response

Returns a JwtMedia object.
jwt
string
Short-lived JWT to append as ?t={jwt} when constructing authenticated media URLs. For example: /api/public/billing/invoices/{id}/pdf?t={jwt}.

Example Response

{
  "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MiIsIm..."
}

TypeScript Integration

import endpoints from '@/api/endpoints'
import { useData } from '@/api/fetchData'
import { JwtMedia } from '@/types/JwtMedia'

// The endpoint value is the raw URL string
const mediaTokenUrl = endpoints.system.mediaToken
// => '/api/auth/media/customer'

const { resource: mediaJwt } = useData<JwtMedia>(httpClient, mediaTokenUrl)

// Use the JWT when building a PDF link
const pdfUrl = endpoints.billing.invoices.pdf(invoiceId, mediaJwt)

Usage in Portal

ContextSource file
Invoice PDF downloadsrc/views/billing/invoices/
File downloads (authenticated documents)src/components/AuthenticatedLink.tsx

Error Responses

401 Unauthorized
error
The bearer token is missing, expired, or invalid. The customer must sign in again.
MethodEndpointDescription
GET/api/public/billing/invoices/{invoiceId}/pdfDownload an invoice PDF (requires this token)
POST/api/sys/users/token/refreshObtain an authenticated redirect token
GET/api/public/files/myList files accessible to the current customer