An Access Token (called access_token in API operation parameters) identifies both the application and the user, and allows them to perform API calls on the topoos platform.
Some operations need stronger protection than others. For example, if a user obtains his own Access Token by any means, he could misuse it, because he is then able to make API calls directly to topoos in your app's context, or even delete content.
To avoid this type of attack, there are Access Tokens with different authorization levels:
- Administrator Authorization
- Authorization (also called User Authorization).
The authorization level required for each operation is specified in the API Reference Documentation.
How to get an Access Token with Administrator Authorization
How to get an Access Token with User Authorization
An Access Token obtained through OAuth 2.0 is a valid Access Token with User Authorization level.
You also get a valid Access Token with User Authorization level in the application creation step. It is called APPUSER_TOKEN in the app configuration in the Developers Panel, and it is useful if your app is single-user.