External Application tokens can be issued by the API implementer to access application level resources, i.e. Products, which are not User scoped. These Application Tokens are the equivalent of using the API Key when using the Internal authentication method. To use External tokens to access User scoped resources, issue a User Token.
For information on how to use an Application Token, please see Using Tokens.
Details
An Application Token is made up of the following required fields.
| Name | Description | Data Type | Example |
|---|---|---|---|
| iss | Issuer | String | application.example.com |
| aud | Audience | String | api.milkbooks.com |
| exp | Expiry | UNIX Timestamp | 1374112588 |
Example
An application token might look like this (without base64 encoding)
{"typ":"JWT","alg":"HS256"}.{"iss":"application.example.com","aud":"api.milkbooks.com","exp":1374112588}And with base64 encoding and signature (signed with "secret"), this token would become:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhcHBsaWNhdGlvbi5leGFtcGxlLmNvbSIsImF1ZCI6ImFwaS5taWxrYm9va3MuY29tIiwiZXhwIjoxMzc0MTEyNTg4LCJ0eXAiOiJKV1QifQ.CEnFD9ASrbLYwDZicnIy_CliD4E_cLcII-IdZNP8W6U