{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Create Access Token",
  "description": "Create a scoped, time-limited access token for API authentication.",
  "type": "object",
  "required": ["name", "scopes"],
  "properties": {
    "name": {
      "type": "string",
      "title": "Name",
      "description": "A label to identify this token (e.g., 'CI deploy key')",
      "minLength": 1,
      "examples": ["CI Deploy Key", "Terraform Runner"]
    },
    "serviceAccountId": {
      "type": "string",
      "title": "Service Account ID",
      "description": "Create the token on behalf of this service account. Omit to create for the authenticated identity."
    },
    "scopes": {
      "type": "array",
      "title": "Scopes",
      "description": "Permission scopes. At least one required. Currently only [\"*\"] (full access) is supported.",
      "items": { "type": "string" },
      "examples": [["*"]]
    },
    "expiresInMinutes": {
      "type": "integer",
      "title": "Expires In Minutes",
      "description": "How many minutes until this token expires. Defaults to 60 (1 hour). Maximum ~5,256,000 (10 years).",
      "default": 60,
      "examples": [60, 1440, 43200]
    }
  }
}