An access token is a simple string that is passed as an HTTP header of a request. For example, "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a". Access tokens authenticate API users and applications, and ensure better security (e.g., prevent DoS attacks). If a token that is passed with a request is invalid, the request is discarded in the first stage of processing. Access tokens work equally well for SOAP and REST calls.
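The first-stage check described above, sketched as an added example (not code from the original page or from the product it documents). The function name `first_stage_check`, the `TOKEN_STORE` layout, the application names and the expiry times are assumptions made for illustration; the header grammar follows RFC 6750.

```python
import hashlib
import re
import time

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token.
# The scheme name is matched case-insensitively (RFC 7235).
_BEARER_RE = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)", re.IGNORECASE)


def _digest(token):
    """SHA-256 of a token, so the store never holds the token itself."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


# Constructed sample store (assumption): digest -> (application, expiry epoch).
TOKEN_STORE = {
    _digest("NtBQkXoKElu0H1a1fQ0DWfo6IX4a"): ("DefaultApplication", 4102444800),
    _digest("ExpiredTokenConstructed0001"): ("OldApplication", 946684800),
}


def first_stage_check(headers, now=None):
    """Validate the bearer token before any further request processing.

    headers is a list of (name, value) pairs. Returns (status, detail):
    (200, application) lets the request continue, (401, reason) discards it.
    """
    now = time.time() if now is None else now
    values = [v for k, v in headers if k.lower() == "authorization"]
    if len(values) != 1:
        # A missing header or several conflicting ones are both rejected.
        return 401, "missing or duplicate Authorization header"
    match = _BEARER_RE.fullmatch(values[0].strip())
    if match is None:
        return 401, "malformed bearer credentials"
    entry = TOKEN_STORE.get(_digest(match.group(1)))
    if entry is None:
        return 401, "invalid token"
    application, expires = entry
    if now >= expires:
        return 401, "expired token"
    return 200, application


if __name__ == "__main__":
    sample = [("Authorization", "Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a")]
    print(first_stage_check(sample))
```

Rejecting on header shape first means malformed requests never reach the token lookup, which keeps the cost of handling junk traffic low.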
There are two types of access tokens:
- Application Access Tokens: Tokens to authenticate an application, which is a logical collection of APIs. You can access all APIs associated with an application using a single token, and also subscribe multiple times to a single API with different SLA levels. Application access tokens leverage OAuth2 to provide simple key management.
- User Access Tokens: Tokens to authenticate the final user of an API. User access tokens allow users to invoke an API even from a third-party application like a mobile app.
The sections below show how to generate and renew each type of access token:
Generating application access tokens