Question
How to control human or machine user access to cloud APIs?
Context
Access to cloud API endpoints often needs to be given on per-use or basis to achieve certain security levels. Using user credentials directly every time does not allow such levels of control.
Solution
Access tokens are cryptographic secrets issued to API users, allowing them to programmatically access API endpoints. Access tokens enable fine-grained temporal and functional control, enabling access only to specific functions at the specified time. The lifetime of tokens is easily controlled, so their issuing and revocation can easily be automated.
References
Access token - auth0.com
AWS Security Token Service - aws.amazon.com