Monterosa Access Token
Monterosa Access Tokens are standard JWTs (JWS variety) using mostly standard claims. They are signed with the RS256 algorithm and can be validated using a set of public keys at https://your.space.domain/.well-known/jwks.json
.
Contents of the Monterosa Access Token and the way you obtain one depends on your use-case:
User tokens are obtained by public clients (e.g. web or native applications) in exchange for a userβs proof of identity and only provide access to data related to that user. When making an API request using a client-side token, you do not need to specify the user ID, as it is implied by the token.
Service tokens are obtained by trusted clients (e.g. back-end services) in exchange for pre-configured credentials and may provide access to all users' data. Therefore it is important to specify user ID (or user IDs for bulk operations) when making an API request using a server-side token.
Last updated