> ## Documentation Index
> Fetch the complete documentation index at: https://learn.nexudus.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Media Token

> Obtain a short-lived JWT that authorises access to protected media files hosted by Nexudus.

# Get Media Token

Issues a short-lived JWT scoped to the authenticated customer that can be appended to media URLs (as the `t` query parameter) to access protected files — such as invoice PDFs, uploaded documents, and other customer-specific media stored by Nexudus.

<Note>
  This token is distinct from the bearer token used for API calls. It is a lightweight media-access credential with a short expiry and must be
  refreshed before downloading files in long-lived sessions.
</Note>

## Authentication

Requires a valid customer bearer token in the `Authorization` header.

## Request

No request body or query parameters are required.

```http theme={null}
GET /api/auth/media/customer
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
```

## Response

Returns a `JwtMedia` object.

<ResponseField name="jwt" type="string">
  Short-lived JWT to append as `?t={jwt}` when constructing authenticated media URLs. For example: `/api/public/billing/invoices/{id}/pdf?t={jwt}`.
</ResponseField>

## Example Response

```json theme={null}
{
  "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MiIsIm..."
}
```

## TypeScript Integration

```typescript theme={null}
import endpoints from '@/api/endpoints'
import { useData } from '@/api/fetchData'
import { JwtMedia } from '@/types/JwtMedia'

// The endpoint value is the raw URL string
const mediaTokenUrl = endpoints.system.mediaToken
// => '/api/auth/media/customer'

const { resource: mediaJwt } = useData<JwtMedia>(httpClient, mediaTokenUrl)

// Use the JWT when building a PDF link
const pdfUrl = endpoints.billing.invoices.pdf(invoiceId, mediaJwt)
```

## Usage in Portal

| Context                                  | Source file                            |
| ---------------------------------------- | -------------------------------------- |
| Invoice PDF download                     | `src/views/billing/invoices/`          |
| File downloads (authenticated documents) | `src/components/AuthenticatedLink.tsx` |

## Error Responses

<ResponseField name="401 Unauthorized" type="error">
  The bearer token is missing, expired, or invalid. The customer must sign in again.
</ResponseField>

## Related Endpoints

| Method | Endpoint                                       | Description                                   |
| ------ | ---------------------------------------------- | --------------------------------------------- |
| `GET`  | `/api/public/billing/invoices/{invoiceId}/pdf` | Download an invoice PDF (requires this token) |
| `POST` | `/api/sys/users/token/refresh`                 | Obtain an authenticated redirect token        |
| `GET`  | `/api/public/files/my`                         | List files accessible to the current customer |