🎟️
Access Token
Session Management
Bearer credential used to authorize API requests; should be short-lived and scoped.
Definition
An access token is a credential (often a signed JWT or an opaque string) that a client presents to an API, usually in an `Authorization: Bearer` header, to authorize a request. It is a bearer credential: the API honours it for whoever presents it, so the resource server must validate it on every request (signature or introspection, issuer, audience, expiry, scope), and good practice uses short lifetimes, narrow scopes, and secure storage on the client.
In plain English
A pass your app shows with each API call to prove it is allowed to make that request. Anyone who holds the pass can use it, so keep it short-lived and limited to what the caller actually needs.
Why this matters
A stolen access token lets an attacker act as the user from anywhere until it expires, because the API cannot tell the thief from the legitimate client. Limiting scope caps what the token can do, and a short lifetime caps how long it works; together they reduce the blast radius of a leak.
Example
Issue an access token valid for 15 minutes with scope “read:profile”. When it expires, the client exchanges its refresh token for a fresh access token instead of re-authenticating. Rotate the refresh token on every use as well, so that a previously used refresh token being presented again signals theft and the whole token family can be revoked.
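The flow in the example above, worked through in Python as an added illustration (this is not code from the page or from any particular library): a minimal HS256 JWT issuer and verifier built only on the standard library, plus an in-memory refresh-token store that rotates the refresh token on every use and revokes the family when a rotated token is replayed. The signing key, issuer, audience and store layout are assumptions made for the example; in production use a vetted JWT library, a key from a secrets manager, and normally an asymmetric algorithm so resource servers hold only a public key.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed values for this example only (not from the page).
SIGNING_KEY = b"example-hs256-key-do-not-use"
ISSUER = "https://auth.example"
AUDIENCE = "https://api.example"
ACCESS_TTL_SECONDS = 15 * 60  # 15 minutes, as in the example above


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(subject: str, scope: str, now=None) -> str:
    """Mint a short-lived HS256 JWT carrying a space-separated scope claim."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject, "scope": scope,
              "iat": now, "exp": now + ACCESS_TTL_SECONDS, "jti": secrets.token_hex(8)}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_access_token(token: str, required_scope: str, now=None) -> dict:
    """Return the claims if the token is acceptable for required_scope, else raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, c64, s64 = parts
    # Pin the algorithm on the server side; never let the token choose it.
    if json.loads(_b64url_decode(h64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))  # only parsed after the signature checks out
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims


def token_status(token: str, required_scope: str, now=None) -> str:
    """'ok' or the rejection reason, for logging and for tests."""
    try:
        verify_access_token(token, required_scope, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


class RefreshTokenStore:
    """Opaque single-use refresh tokens: rotate on each use, detect replay of a rotated token."""

    def __init__(self):
        self._active = {}            # sha256(token) -> (subject, scope, family)
        self._used = {}              # sha256(token) -> family, for tokens already rotated
        self._revoked_families = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()  # store a hash, never the token

    def issue(self, subject: str, scope: str, family=None) -> str:
        token = secrets.token_urlsafe(32)
        self._active[self._key(token)] = (subject, scope, family or secrets.token_hex(8))
        return token

    def rotate(self, refresh_token: str, now=None):
        """Exchange a refresh token exactly once for a new (access, refresh) pair."""
        key = self._key(refresh_token)
        if key in self._used:
            # A rotated token came back: either the client or a thief holds a stale copy.
            # Revoke the whole family so neither side can continue.
            family = self._used[key]
            self._revoked_families.add(family)
            self._active = {k: v for k, v in self._active.items() if v[2] != family}
            raise ValueError("refresh token reuse detected; family revoked")
        entry = self._active.pop(key, None)
        if entry is None or entry[2] in self._revoked_families:
            raise ValueError("unknown or revoked refresh token")
        subject, scope, family = entry
        self._used[key] = family
        return issue_access_token(subject, scope, now), self.issue(subject, scope, family)
```

The resource server only ever calls `verify_access_token`, which pins the algorithm, checks the signature before parsing any claim, and enforces issuer, audience, expiry and scope; the authorization server owns `RefreshTokenStore`, and a client that presents an already-rotated refresh token loses the whole family rather than just that one token.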