Overview of the Token Concept in the Service of Protecting Your Applications and APIs

Tokens are hardware or software entities that demonstrate someone's right to take specific actions on particular objects. In the context of authorization and authentication, the token represents the client's entitlement to access a specific resource, which makes it an essential tool for consuming APIs. Tokens are issued by an authorization server upon client application's request to the OAuth Token Endpoint.

There are a number of token classifications and types. Depending on what you want to achieve with your token, you can select a particular token type. Each token type has its own characteristics and purpose(s), for example, software tokens (two-factor authentication security tools for authorizing the use of computer services) or session tokens (unique identifiers of interaction sessions).

Get familiar with token types that are relevant in the context of security protection for applications and APIs. They are: