Apps and API Tokens

Apps are an elemental part of your M-Trust solution. Understanding Apps and API Tokens is vital for managing access to our APIs and services.

App

Apps play a pivotal role in managing access to the M-Trust APIs and services. They enable creating and managing API Tokens and dictate access permissions. Apps are created and managed in the M-Trust Console. You have the flexibility to configure and customize Apps to suit your solution's needs.

API Token

Use your API Token within your solution application to access our APIs and services.

The API Tokens we issue for your applications are basically refresh Tokens under the hood. They are used to obtain access tokens, which are in turn used to access our APIs and services.

Token Expiration

Make sure to understand that API Tokens have a limited lifetime and need to be refreshed periodically. While creating an API Token, you can configure the expiration time. The default expiration is 90 days.

When an API Token is about to expire, we send you an email so you can recreate and replace the token in your application.

We limited the lifetime of the API Tokens to ensure the security of your solution. If a token is compromised, the damage is limited to the token's lifetime.

Permissions

Permissions are configured for an App and inherited to all API Tokens of this App.

Moreover permissions are not embedded in the token itself. Instead, they are checked at runtime. This means that you can change the permissions of an App at any time without having to re-create the API Token.

App​

API Token​

Token Expiration​

Permissions​

App

API Token

Token Expiration

Permissions