Overview of the token concept in the service of protecting your applications and APIs
Find out what tokens are and explore different token types. Learn why you need to use tokens of specific types and check examples of tokens that you're going to use.
Tokens are hardware or software entities that demonstrate someone’s right to take specific actions on particular objects. In the context of authorization and authentication, the token represents the client’s entitlement to access a specific resource, which makes it an essential tool for consuming APIs.
There are a number of token classifications and types. Depending on what you want to achieve with your token, you can select a particular token type. Each token type has its own characteristics and purpose(s), for example, software tokens (two-factor authentication security tools for authorizing the use of computer services) or session tokens (unique identifiers of interaction sessions).
Tokens in ACP
In ACP, tokens are configurable per workspace (authorization server). You can preview and modify tokens settings for a particular workspace by entering the workspace and navigating to Workspace settings > Tokens.
In the Tokens view, you can set up
Access token type: JSON WEB TOKEN (JWT) or Opaque (depending on what structure and readability you need for your token)
Time to live: How long your tokens are going to last
In the sections that follows, you will get familiar with token types that are relevant in the context of security protection for applications and APIs. They are
- Access token
- JSON Web Token
- Opaque token
- ID token
- Refresh token