> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dolfinai.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Mint a sandbox-handoff auth code

> Authenticated portal users (or any Bearer caller with org access) can exchange this for a session JWT scoped to one Org. Returns the code + URL the portal should open.



## OpenAPI

````yaml /api-reference/openapi.json post /auth/sandbox-handoff
openapi: 3.1.1
info:
  title: Dolfin API
  description: >-
    Dolfin API for AR & AP. Authenticate using the `x-dolfin-api-key` header
    with the API key distributed to your organisation.
  version: v1
servers:
  - url: https://api.dolfinai.co
    description: Production
security:
  - {}
tags:
  - name: Webhooks
  - name: Users
  - name: TaxRates
  - name: Suppliers
  - name: Supplier Credit Notes
  - name: Bills
  - name: SpendCategories
  - name: Payables
  - name: RecurringInvoices
  - name: Receivables
  - name: Purchase Orders
  - name: Products
  - name: Payments
  - name: Invoices
  - name: Organisations
  - name: Members
  - name: MCP
  - name: Matching
  - name: Invoice Reminders
  - name: Industries
  - name: Gmail
  - name: Delivery Notes
  - name: Customers
  - name: Currencies
  - name: Credit Notes
  - name: Clients
  - name: ClientInvites
  - name: BankPayments
  - name: Bank details
  - name: Auth
  - name: ApprovalPolicies
  - name: ApiKeys
  - name: Agent
paths:
  /auth/sandbox-handoff:
    post:
      tags:
        - Auth
      summary: Mint a sandbox-handoff auth code
      description: >-
        Authenticated portal users (or any Bearer caller with org access) can
        exchange this for a session JWT scoped to one Org. Returns the code +
        URL the portal should open.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SandboxHandoffRequest'
        required: true
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SandboxHandoffResponse'
        '400':
          description: Handoff.MissingOrganisationId — body's organisationId is empty
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        '403':
          description: >-
            Handoff.NoOrgAccess — caller lacks UserOrganisation membership and
            is not Admin/Owner of the owning Client
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
        '404':
          description: >-
            Organisation.NotFound — the organisation does not exist or could not
            be resolved
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetails'
      security:
        - {}
components:
  schemas:
    SandboxHandoffRequest:
      required:
        - organisationId
      type: object
      properties:
        organisationId:
          type: string
          format: uuid
    SandboxHandoffResponse:
      required:
        - code
        - sandboxUrl
        - expiresAt
      type: object
      properties:
        code:
          type: string
        sandboxUrl:
          type: string
        expiresAt:
          type: string
          format: date-time
    ProblemDetails:
      type: object
      properties:
        type:
          type:
            - 'null'
            - string
        title:
          type:
            - 'null'
            - string
        status:
          pattern: ^-?(?:0|[1-9]\d*)$
          type:
            - 'null'
            - integer
            - string
          format: int32
        detail:
          type:
            - 'null'
            - string
        instance:
          type:
            - 'null'
            - string

````