Let's take a look at how to generate and renew each type of access token in detail.


Generating access tokens

Application access tokens are generated at the application level and are valid for all APIs associated with the application. They leverage OAuth2 to provide a simple, easy-to-use key management mechanism.

Application access tokens

The following steps describe how to generate application access tokens.

...

Using this token, users can access any API subscribed under a given application.

User access tokens

User access tokens are generated at the user level and are valid for all APIs subscribed to a user. User-level tokens allow users to invoke an API even from a third-party application such as a mobile app. You can generate a user-level token by calling the API Manager Login API through a REST client. For more information on generating user-level tokens, refer to Token APIs.

Renewing expired tokens

Access tokens have a default expiration time of 60 minutes.

...

After an access token is generated, users sometimes want to renew the old token because it has expired or because of security concerns. API consumers can regenerate or refresh access tokens in the following ways.

Application access token

When an application access token expires, consumers can refresh the token by logging into the API Store, selecting the My Subscriptions page, and clicking the Re-generate option shown under Keys.

User access token

To renew a user token, issue a REST call to WSO2 Login API through a REST client. For more information, refer to Renew User Tokens.

Info
You can configure the API Manager instances to store access tokens in different tables according to their user store domain. This is referred to as user token partitioning and it ensures better security when there are multiple user stores in the system. For configuration details, see user token partitioning.

After subscribing to an API and generating a key to access it, the next step is to invoke the API through the Gateway using the steps given in section Testing APIs.