> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dolfinai.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Create auth code

> Issue a short-lived authorisation code that a user can exchange for an access token. The token covers every organisation the user belongs to; the runtime org is selected via the x-dolfin-organisation-id header (ADR-003).



## OpenAPI

````yaml /api-reference/openapi.json post /auth/codes
openapi: 3.1.1
info:
  title: Dolfin API
  description: >-
    Dolfin API for AR & AP. Authenticate using the `x-dolfin-api-key` header
    with the API key distributed to your organisation.
  version: v1
servers:
  - url: https://api.dolfinai.co
    description: Production
security:
  - {}
tags:
  - name: Webhooks
  - name: Users
  - name: TaxRates
  - name: Suppliers
  - name: Supplier Credit Notes
  - name: Bills
  - name: SpendCategories
  - name: Payables
  - name: RecurringInvoices
  - name: Receivables
  - name: Purchase Orders
  - name: Products
  - name: Payments
  - name: Invoices
  - name: Organisations
  - name: Members
  - name: MCP
  - name: Matching
  - name: Invoice Reminders
  - name: Industries
  - name: Gmail
  - name: Delivery Notes
  - name: Customers
  - name: Currencies
  - name: Credit Notes
  - name: Clients
  - name: ClientInvites
  - name: BankPayments
  - name: Bank details
  - name: Auth
  - name: ApprovalPolicies
  - name: ApiKeys
  - name: Agent
paths:
  /auth/codes:
    post:
      tags:
        - Auth
      summary: Create auth code
      description: >-
        Issue a short-lived authorisation code that a user can exchange for an
        access token. The token covers every organisation the user belongs to;
        the runtime org is selected via the x-dolfin-organisation-id header
        (ADR-003).
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAuthCodeRequest'
        required: true
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateAuthCodeResponse'
        '400':
          description: User.MissingUserId — user ID is required
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        '404':
          description: >-
            User.NotInClient — user is not a member of any organisation under
            this client
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
components:
  schemas:
    CreateAuthCodeRequest:
      type: object
      properties:
        userId:
          type: string
          format: uuid
    CreateAuthCodeResponse:
      required:
        - code
      type: object
      properties:
        code:
          type: string
        expiresAt:
          type: string
          format: date-time
    ProblemDetails:
      type: object
      properties:
        type:
          type:
            - 'null'
            - string
        title:
          type:
            - 'null'
            - string
        status:
          pattern: ^-?(?:0|[1-9]\d*)$
          type:
            - 'null'
            - integer
            - string
          format: int32
        detail:
          type:
            - 'null'
            - string
        instance:
          type:
            - 'null'
            - string

````