Authentication

Basics

Requests to the MILK API on behalf of a user are authenticated using a token.

For details on how to use a token, see Using Tokens.

For details on what is in a token, see Token Format.

For example requests and responses, see Authentication Examples.

Obtaining a Token

The MILK API has 2 ways of authenticating users to obtain a token.

  1. Internal
    • Users are registered with and log into the MILK API.
    • After logging in to the MILK API servers with the user's credentials, the MILK API issues a signed token which can be used to make requests on behalf of that user.
  2. External
    • Users are registered with and log into servers controlled by the API implementer.
    • After logging in to the implementer's servers, the implementer's servers issue a signed token which can then be accepted by the MILK API to make requests on behalf of that user.

Once you have let MILK know which method you will be using to authenticate your users, we'll set up your account and issue you with the required credentials for your chosen method.

Both Internal and External Authentication strategies allow creation of Anonymous Users.
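
The External flow described above, sketched as an added example that is not MILK's own code: the implementer's server signs a short-lived token after login, and the accepting side checks the signature and expiry before trusting the user id. The token layout, the HMAC-SHA256 signature, the claim names and the secret are all assumptions made for illustration; the real layout is defined in Token Format and the real credentials are the ones issued to your account.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder secret (assumption); not a real MILK credential.
SHARED_SECRET = b"constructed-demo-secret-not-a-real-credential"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: str, secret: bytes) -> str:
    return b64e(hmac.new(secret, payload.encode(), hashlib.sha256).digest())

def issue_token(user_id: str, secret: bytes, ttl: int = 300, now=None) -> str:
    """Implementer side: called only after the user has logged in."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "iat": now, "exp": now + ttl}  # hypothetical claim names
    payload = b64e(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + sign(payload, secret)

def verify_token(token: str, secret: bytes, now=None) -> str:
    """Accepting side: return the user id, or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    # Verify the signature in constant time before parsing the payload.
    if not hmac.compare_digest(sig.encode(), sign(payload, secret).encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"]

if __name__ == "__main__":
    token = issue_token("user-42", SHARED_SECRET)
    print(verify_token(token, SHARED_SECRET))
```

Keeping the lifetime short limits how long a leaked token stays useful, and the signing secret belongs only on the servers, never in client applications.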

Selecting an Authentication Method

Internal Authentication might be the most appropriate in the following situations:

  • An application that doesn't have user accounts, and has no plans to add them.

External Authentication would work the best in the following situation:

  • An application already has an existing server-based user account system.