# Anonymous Access from Client Apps

Since you can't use the app management token from client apps for security reasons, Whisk provides an alternative mechanism to support server-less apps. Client application can request short-lived token to access API and keep reference for user.

{% hint style="info" %}
If you need the token for browser applications, you must provide a list of domains for whitelisting.
{% endhint %}

### Sample Request and Response

{% tabs %}
{% tab title="Curl Request" %}

```bash
curl "https://login.whisk.com/auth/anonymous/create" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
       "clientId": "<YOUR-APP-ID>"
      }'
```

{% endtab %}

{% tab title="Response" %}

```graphql
{
    "user": {
        "id": "1025f5d34cdd65b4b3eaa9246e6a5146930",
        "updatedAt": 1613220404000,
        "createdAt": 1613220404000,
        "preferences": {
            "diets": [],
            "avoidances": [],
            "dislikedIngredients": [],
            "householdSizeAdults": 1,
            "householdSizeChildren": 0,
            "cookingSkill": "amateur"
        },
        "preferencesMask": [],
        "anonymous": true,
        "passwordRequired": true,
        "emailVerified": false
    },
    "token": {
        "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "expires_in": 2592000,
        "scope": "",
        "token_type": "Bearer",
        "new_user": true
    }
```

The `access_token` is bound to specific user's `id` in Whisk Platform and can be used for communication from client app&#x20;
{% endtab %}
{% endtabs %}

{% hint style="warning" %}
The anonymous user is deleted automatically after 30 days of inactivity, but if a user makes a request during this period, the validity increases for another 30 days.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.whisk.com/api-overview/auth/anonymous-access-from-client-apps.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.