Child pages
  • Generate Access Tokens to Authenticate APIs

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

An access token is a simple string that is passed as an HTTP header of a request. For example, "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a." Access tokens authenticate API users and applications, and ensure better security (e.g., prevent DoS attacks). If a token that is passed with a request is invalid, the request is discarded in the first stage of processing. Access tokens work equally well for SOAP and REST calls.

There are two types of access tokens:

  • Application Access Tokens : Tokens to authenticate an application, which is a logical collection of APIs. You to access all APIs associated with an application using a single token, and also subscribe multiple times to a single API with different SLA levels. Application access tokens leverage OAuth2 to provide simple key management.
  • User Access Tokens : Tokens to authenticate the final user of an API. User access tokens allow users to invoke an API even from a third-party application like a mobile app.

The sections below show how to generate and renew each type of access token:

Table of Contents

Generating application access tokens