Mint phantom token
This is a control-plane endpoint on the admin host (e.g.
admin.knoxcall.com). It is authenticated with a session JWT plus the X-Tenant-ID header and requires an owner or admin role — not an API key. It does not use the api.knoxcall.com API-key auth described in the shared Authentication section.name defaults to key-<timestamp> if omitted, and dpop_required defaults to false. The token kind is always agent, and its scope (providers and models) is derived automatically from the agent’s configured default_model — it is not accepted from the request body.
Response
key.id is the phantom token’s UUID. key.prefix is the first 12 characters of the generated token (kc_live_a_ followed by two of its random hex characters).