- Application Access Tokens: Tokens to identify and authenticate an entire application. An application is a logical collection of many APIs. With a single application access token, you can invoke all of these APIs.
- User Access Tokens: Tokens to identify the final user of an application. For example, the final user of a mobile application deployed on different devices.
In WSO2 API-M the access token must be unique for the following combinations -
Let's take a look at how to generate and renew each type of access token.