Skip to main content
POST
/
token
/
descope
Descope Token
curl --request POST \
  --url https://sandbox.axle.insure/token/descope \
  --header 'Content-Type: application/json' \
  --header 'x-access-token: <x-access-token>' \
  --header 'x-client-id: <x-client-id>' \
  --header 'x-client-secret: <api-key>' \
  --data '{
  "scope": "monitoring"
}'
{
  "success": true,
  "data": {
    "accessToken": "<string>"
  }
}

When to de-scope monitoring on an access token

After de-scoping monitoring for a given access token, you will no longer receive notifications for Account or Policy events related to the insurance account linked to that access token. How and when you de-scope depends on what you passed in as user.id during Start Ignition:
  • If you passed a user ID to user.id:
    • De-scope the access token when you want to stop receiving notifications for the user’s insurance account across all entities.
    For example, if a user offboards from your platform entirely, you should de-scope monitoring on their access token to stop tracking their account across all associated trips, loans, or reservations.
    • De-scope an access token if a returning user connects a new insurance account
    For example, if a user switches insurance carriers, when they link their new insurance account, a new access token will be generated. You should compare the new access token against the one you have stored for the user, and if they differ, the old access token should be de-scoped.
  • If you passed an entity ID (e.g. trip, loan number, reservation) to user.id:
    • De-scope the access token when the lifetime of that entity is over, and you no longer want to track insurance for it.
    For example, if the user’s insurance account was linked for a trip and the trip has ended, you should de-scope the access token associated with that trip.
    • De-scope an access token if a returning user links a new insurance account during the lifetime of the entity
    For example, if a user switches insurance carriers during the lifetime of a tracked loan, when they link their new insurance account, a new access token will be generated. The old access token should be de-scoped so that you stop receiving monitoring notifications for the old account.

Authorizations

x-client-secret
string
header
required

Your secret API key. This will be shared with you during onboarding and should be considered sensitive - it’s a password after all! Your secret will be matched with your client ID to authenticate your requests.

Headers

x-client-id
string
required

Your client ID. This will be shared with you during onboarding.

x-destination-client-id
string

The client ID of the destination client. This is optional and only used by platform clients. See the Axle for Platforms guide for more information.

x-access-token
string
required

The access token required for access to the requested Account. Returned as part of Exchange Token.

Body

application/json
scope
enum<string>
required

Scope to descope from the access token.

Available options:
monitoring

Response

success
boolean

Indicates whether the operation was performed successfully.

Example:

true

data
object