Access Token
- 04 Apr 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Access Token
- Updated on 04 Apr 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Access Tokens are credentials used by applications to access API's protected resources. An Access Token is a string representing an authorization issued to the client. Tokens represent specific scopes and durations of access, granted by the resource owner and enforced by the API as well as the authorization server.
Its purpose is to inform the API that the bearer of this token has been authorized to access the API and perform specific actions (as specified by the scope that is granted). The Access Token should be used as a bearer credential and transmitted in an HTTP Authorization header to the API.
The following table describes the claims returned in the Access Token.
Claim | Description | Example |
|---|---|---|
client_id | Client identity of the client that requested the authentication (your applications client_id). | demoapp |
scope | A list of scopes that the user has access to | [ "openid", "profile", "email" ] |
tenant_id | Current Tenant ID context (only present for tenant enabled applications) | 9ea83b40-1ce9-4f2d-a1ac-2b0f28001bb6 |
auth_time | Time when the authentication occured. Number representing seconds since 01.01.1970 | 1498217219 |
sub | Visma Connect Unique User ID of authenticated user | 1072cd43-d99a-4d44-84a2-5f80720c1a19 |
aud | Audiences. A list of API URIs that have scopes in the Access Token | ["https://api1.visma.com/resources", "https://api2.visma.com"] |
nbf | Not before Time in Unix Time Stamp (Epoch time) | 1501591804 |
iss | Issuer | https://connect.visma.com |
exp | Expiration Time in Unix Time Stamp (Epoch time) | 1501601800 |
jti (optional; must be enabled for your Application) | Json Web Token ID. A unique identifier for the JWT. | 234hhjfhjk342hkh4hkj324hkjh42343khfs1jf |
Was this article helpful?