Staff Token (deprecated) POST




This method is used to fetch an account staff member's authentication token, in exchange for their email address and password. For this method to successfully return a token:

  • The app must be installed and enabled in the account
  • The app must not be suspended or archived
  • The app must have the distribution type staff
  • The account administrator must authorize the staff member to use the app
  • The staff credentials must be valid

Note that staff members do not need the API permission to fetch their staff token; this is overridden by the explicit authorisation to use a given app.

Headers are required to identify the app. Both public and private apps must send their app reference in a header named brightpearl-app-ref. Public apps must also send their developer reference in the brightpearl-dev-ref header.


Fetch a staff token from the account acmewidgets.

Request URI


Request body

	"apiAccountCredentials": {
		"email": "",
		"password": "test123"


	"response": "NGIzOGM4OTgtOWE1Zi00Y2E3LTg0OTEtM2M1YzMyODg0ZWNi"