Session 3: Tokens and APIs

OAuth is all about tokens. These tokens have specific purposes and usage patterns. In this session we'll explain the various tokens and how they work when calling an API. We will also discuss how to efficiently design an API infrastructure using a token based architecture and the phantom token flow.

  • Tokens in OAuth and OpenID
  • Understanding token type, purpose and format.
  • Typical token lifetimes
  • Calling an API with an Access Token
  • Introspecting a token
  • Using a Gateway to introspect tokens
  • The Phantom Token Flow

Related resources


Course Outline