Users need access tokens to invoke APIs subscribed under an application. Access tokens are passed in the HTTP header when invoking APIs. The API Cloud provides a Token API that you can use to generate and renew user and application access tokens. The response of the Token API is a JSON message. You extract the token from the JSON and pass it with an HTTP Authorization header to access the API.
The following topic explains how to generate/renew access tokens and authorize them. WSO2 API Cloud supports the most common authorization grant types. You can also define additional types.