</>
ProtocolCodes
English العربية Deutsch Español Français हिन्दी Bahasa Indonesia 日本語 한국어 Português Русский ไทย Türkçe Tiếng Việt 简体中文
Authentication & OAuth

Access Token

A short-lived credential that grants access to protected resources on behalf of a user or client. Access tokens are typically presented in the HTTP Authorization header as Bearer tokens and can be opaque strings (validated by the authorization server) or self-contained JWTs (validated locally using the server's public key). Their limited lifetime reduces the impact of token theft compared to long-lived credentials such as passwords or API keys.

Related Protocols

HTTP

Mentioned in Guides

OAuth 2.0 Flows Explained: Authorization Code, Client Credentials, PKCE Security & Authentication
SMTP Authentication Methods Explained Email Delivery
Authentication at the API Gateway: JWT Validation, OAuth, and API Keys API Gateway Patterns

See Also

Bearer Token Security
Refresh Token Authentication & OAuth
Token Introspection (RFC 7662) Authentication & OAuth
Token Revocation (RFC 7009) Authentication & OAuth
OAuth Scopes Authentication & OAuth
← Back to Glossary