more on sirris.be
back to overview
Access Token

Identification, Authentication and Authorisation

Access Token

Question

How to control human or machine user access to cloud APIs?

Context

Access to cloud API endpoints often needs to be given on per-use or basis to achieve certain security levels. Using user credentials directly every time does not allow such levels of control.

Solution

Access tokens are cryptographic secrets issued to API users, allowing them to programmatically access API endpoints. Access tokens enable fine-grained temporal and functional control, enabling access only to specific functions at the specified time. The lifetime of tokens is easily controlled, so their issuing and revocation can easily be automated.

References

Access token - auth0.com
AWS Security Token Service - aws.amazon.com

Identification, Authentication and Authorisation Navigation

Multi-Factor Authentication

Multi-Factor Authentication
Access token

Access token
Federation

Federation
Mutual Authentication

Mutual Authentication
Secure User Onboarding

Secure User Onboarding
Per-Request Authentication

Per-Request Authentication
Identity and Access Manager

Identity and Access Manager
Access Control Clearance

Access Control Clearance