An access token, also known as a bearer token, is a string that represents a user’s authentication and authorization.
As part of authentication, the authorization server returns an access token to the client application. This access token is unique to that authenticated user and the requesting client application. The client application must keep the access token secure and not leak the access token to other users or other applications.
The API documentation includes an accessToken security requirement on the operations which require an access token. This security requirement means that client applications should pass the access token when invoking the operation.
Refreshing Expired Tokens
A client application can refresh an access token that has expired or is about to expire. When the access token is returned during authentication, a refresh token and an expiration time are also returned. The client application can preemptively acquire a new access token before the old token expires.
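The preemptive refresh described above, as an added Python example that is not part of the original documentation or the API's own client code. The `refresh_call` function and the response field names `access_token`, `refresh_token` and `expires_in` are assumptions; use the names your authorization server documents.

```python
import threading
import time
from dataclasses import dataclass, field

@dataclass
class TokenSet:
    # repr=False keeps secrets out of logs and tracebacks that print the object
    access_token: str = field(repr=False)
    refresh_token: str = field(repr=False)
    expires_at: float  # absolute expiry time in seconds since the epoch

class TokenManager:
    """Returns a valid access token, refreshing it shortly before it expires."""

    def __init__(self, tokens, refresh_call, skew=60.0, clock=time.time):
        self._tokens = tokens
        self._refresh_call = refresh_call  # assumed: refresh_token -> response dict
        self._skew = skew                  # refresh this many seconds early
        self._clock = clock
        self._lock = threading.Lock()      # one refresh at a time across threads

    def access_token(self):
        with self._lock:
            if self._clock() >= self._tokens.expires_at - self._skew:
                resp = self._refresh_call(self._tokens.refresh_token)
                self._tokens = TokenSet(
                    access_token=resp["access_token"],
                    # keep the old refresh token if the server did not issue a new one
                    refresh_token=resp.get("refresh_token", self._tokens.refresh_token),
                    expires_at=self._clock() + float(resp["expires_in"]),
                )
            return self._tokens.access_token

if __name__ == "__main__":
    # Constructed demo: a fake clock and a fake authorization server response.
    now = [1000.0]
    def fake_refresh(refresh_token):
        return {"access_token": "constructed-access-2", "expires_in": 3600}
    mgr = TokenManager(TokenSet("constructed-access-1", "constructed-refresh-1", 1300.0),
                       fake_refresh, clock=lambda: now[0])
    assert mgr.access_token() == "constructed-access-1"   # 300 s left, no refresh
    now[0] = 1250.0                                        # inside the 60 s window
    assert mgr.access_token() == "constructed-access-2"
    print(mgr._tokens)  # prints only expires_at; token values are hidden
```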
For help implementing Authentication and Authorization for your project, view our tutorial.