Monterosa Access Token
Last updated
Was this helpful?
Last updated
Was this helpful?
Monterosa Access Tokens are ( variety) using mostly standard claims. They are signed with the and can be validated using a set of public keys at https://your.space.domain/.well-known/jwks.json.
Contents of the Monterosa Access Token and the way you obtain one depends on your use-case:
User tokens are obtained by public clients (e.g. web or native applications) in exchange for a user’s proof of identity and only provide access to data related to that user. When making an API request using a client-side token, you do not need to specify the user ID, as it is implied by the token.
Service tokens are obtained by trusted clients (e.g. back-end services) in exchange for pre-configured credentials and may provide access to all users' data. Therefore it is important to specify user ID (or user IDs for bulk operations) when making an API request using a server-side token.