# Token Operations ## Decode File Token Validate a file token without requiring the transmission of a secret passphrase. POST only. **Request:** * requestType is decodeFileToken * file is the path to the file that was signed * token is the token of the file, as generated by [Generate File Token](/pzm/prizm-api/prizm-api-examples.md#generate-file-token) **Response:** * account (S) is the account number that generated the token * accountRS (S) is the Reed-Solomon address of the account * timestamp (N) is the time (in seconds since the genesis block) that the token was generated * valid (B) is true if token is valid, false otherwise * requestProcessingTime (N) is the API request processing time (in millisec) **Note:** Since token contains the token generator's public key and digital signature, file can be validated as signed by the owner of the public key, and the public key determines the account ID. **Example:** Refer to [Decode File Token](/pzm/prizm-api/prizm-api-examples.md#decode-token) example. ## Decode Token Validate a token without requiring the transmission of a secret passphrase. **Request:** * requestType is decodeToken * website is the signed text, typically an authorized URL * token is the token generated by [Generate Token](/pzm/prizm-api/prizm-api-examples.md#generate-token) **Response:** * account (S) is the account number that generated the token * accountRS (S) is the Reed-Solomon address of the account * timestamp (N) is the time (in seconds since the genesis block) that the token was created * valid (B) is true if token is valid, false otherwise * requestProcessingTime (N) is the API request processing time (in millisec) **Note:** Since token contains the token generator's public key and digital signature, website can be validated as authorized by the owner of the public key, and the public key determines the account ID. **Example:** Refer to [Decode Token](/pzm/prizm-api/prizm-api-examples.md#decode-token) example. ## Generate File Token Generate a file token. POST only. **Request:** * requestType is generateFileToken * secretPhrase is the passphrase of the account generating the token * file is the path to the file to be signed **Response:** * token (S) is a 160 character string representing the 100-byte token which consists of a 32-byte public key, a 4-byte timestamp, and a 64-byte digital signature * account (S) is the account number corresponding to secretPhrase * accountRS (S) is the Reed-Solomon address of the account * timestamp (N) is the time (in seconds since the genesis block) that the token was generated * valid (B) is true if token is valid, false otherwise * requestProcessingTime (N) is the API request processing time (in millisec) **Note:** Since token contains the token generator's public key and digital signature, the file can be validated as digitally signed by the owner of the public key using [Decode File Token](/pzm/prizm-api/prizm-api-examples.md#decode-file-token). **Example:** Refer to [Generate File Token](/pzm/prizm-api/prizm-api-examples.md#generate-file-token) example. ## Generate Token Generate a token. POST only. **Request:** * requestType is generateToken * secretPhrase is the passphrase of the account generating the token * website is a web site URL for which authorization should be granted, or general text to be digitally signed **Note:** website is typically a URL (with the leading http\:// unnecessary) that an account owner signs with his secretPhrase (private key) to bind the account to the URL, but website can be any text that the owner wishes to sign. **Response:** * token (S) is a 160 character string representing the 100-byte token which consists of a 32-byte public key, a 4-byte timestamp, and a 64-byte signature * account (S) is the account number corresponding to secretPhrase * accountRS (S) is the Reed-Solomon address of the account * timestamp (N) is the time (in seconds since the genesis block) that the token was generated * valid (B) is true if token is valid, false otherwise * requestProcessingTime (N) is the API request processing time (in millisec) **Note:** Since token contains the token generator's public key and signature, the website can be validated as authorized by the owner of the public key using [Decode Token](/pzm/prizm-api/prizm-api-examples.md#decode-token). **Example:** Refer to [Generate Token](/pzm/prizm-api/prizm-api-examples.md#generate-token) example. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://prizm.gitbook.io/pzm/prizm-api/token-operations.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.