Register Device Token

To perform the following call, the REST client must generate an EC key pair and provide the EC public key in JWK form (see RFC7517 for JWK).
The private key must be stored securely in the client and must be suitable to use the configured JWT signing algorithm i.e. ES256, ES256K, ES384 or ES512 (see RFC7518 for algorithm names and RFC7519 for JWT).

The serial ID and the label are optional and only used for device token management in order to "recognize" a device token.

HTTP Request: Register device token public key

POST /auth-login/rest/protected/my/tokens/device-tokens/

	"data" : {
		"attributes" : {
		    "label" : "My iPhone 9",
		    "serial" : "abcd28287462910299374",
		    "publicJwk" : {
			    "crv" : "P-521",
			    "x" : "APH6qoL85V5FLvzlxUDrIiBiBRRh0utD35l6mk2cNEVvgv113KaMIruC7rhKqnkDSpPGGdXVVjc4X2TQje4R3QQ6",
			    "y" : "ARZsiXSiHWq0UghIFqWLBhh6sq4Lf11o_qXWESlIE1PapKfkJRhU8ThskAdO3k8tL9ESBI0AbrLXttVne-kyF8CN",
			    "kty" : "EC"
		"type" : "my.token.device-token.add"

HTTP Response: Reflects registered device token

HTTP/1.1 200 OK

    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2018-02-13T09:26:26.884+01:00"
    "data": {
        "type": "my.token.device-token",
        "id": "110",
        "attributes": {
            "validTo": "2018-03-15T09:26:26.789+01:00",
            "serial": "abcd28287462910299374",
            "label": "My iPhone 9"

The REST client must store the device token ID - 110 in the above example - with the private key. It is needed when using the key in device token authentication (see below).

The validTo attribute tells the REST client how long the device token is valid. After the valid-to date, IAM will no longer accept the device token and the REST client must register a new key (or re-register the same).