This documentation is for WSO2 API Manager 1.10.0 View documentation for the latest release.
Page Comparison - Working with Access Tokens (v.11 vs v.12) - API Manager 1.10.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Application Access Tokens: Tokens to identify and authenticate an entire application. An application is a logical collection of many APIs. With a single application access token, you can invoke all of these APIs.
  • User Access Tokens: Tokens to identify the final user of an application. For example, the final user of a mobile application deployed on different devices.

In WSO2 API-M the access token must be unique for the following combinations - CONSUMER_KEY, AUTHZ_USER, USER_TYPE, ?TOKEN_STATE, TOKEN_STATE_ID and TOKEN_SCOPE. The latter mentioned constraint is defined in the IDN_OAUTH2_ACCESS_TOKEN table. Therefore, it is not possible to have more than one Access Token for any of the above combinations.

Let's take a look at how to generate and renew each type of access token.