Session 5: Design tokens for your APIs

Using tokens for access to an API is just the beginning. A token can be shaped to contain all the details the API needs in order to properly authorize the request, which makes the token itself an API for the APIs. Using claims, tokens can be shaped into a valuable resource in your API infrastructure.

  • The difference between Scope and Claims
  • How to design a token
  • Using Scope
  • Adding Claims
  • Thinking API first
    • Define a contract with the API
    • Authorization in the API using Scope and Claims
