Monterosa Access Token

Monterosa Access Tokens are standard JWTs (JWS variety) using mostly standard claims. They are signed with the RS256 algorithm and can be validated using a set of public keys at https://your.space.domain/.well-known/jwks.json.

The contents of a Monterosa Access Token and the way you obtain one depend on your use case:

  • User tokens are obtained by public clients (e.g. web or native applications) in exchange for a user’s proof of identity and only provide access to data related to that user. When making an API request using a client-side token, you do not need to specify the user ID, as it is implied by the token.

  • Service tokens are obtained by trusted clients (e.g. back-end services) in exchange for pre-configured credentials and may provide access to all users' data. It is therefore important to specify the user ID (or user IDs for bulk operations) when making an API request using a server-side token.
