# Tokens

User token management endpoints for secure access to the Nextvisit platform. Includes login, logout, and token management operations.

## Create a new access token

 - [POST /v1/auth/tokens](https://developers.nextvisit.app/openapi/tokens/apicreatetoken.md): Authenticates a user and issues a new access token. When API token verification is enabled (server configuration), users with enhanced security (2FA enabled or linked social providers like Google/Apple) must complete additional verification. Users with 2FA provide their authenticator code via two_factor_code. Users with linked social providers (without 2FA) receive a 6-digit OTP via email and provide it via otp_code.

## List all access tokens

 - [GET /v1/auth/tokens](https://developers.nextvisit.app/openapi/tokens/apilisttokens.md): Returns a list of the authenticated user's access tokens

## Revoke current token

 - [DELETE /v1/auth/tokens/current](https://developers.nextvisit.app/openapi/tokens/apirevokecurrenttoken.md): Revokes the current access token used for authentication

## Revoke specific token

 - [DELETE /v1/auth/tokens/{id}](https://developers.nextvisit.app/openapi/tokens/apirevoketoken.md): Revokes a specific access token by ID

## Authenticate with Google

 - [POST /v1/auth/google](https://developers.nextvisit.app/openapi/tokens/apigoogleauth.md): Authenticates a user using a Google ID token obtained from Google Sign-In (OAuth 2.0). This endpoint supports tokens from web applications, Chrome extensions, iOS apps, and Android apps. If the user doesn't exist, a new account is automatically created.