Authenticate and Authorize in Space
Space security is based on access tokens: To communicate with Space, an application should first obtain an access token. Then it can use this token to send requests to Space. The access token not only authenticates the app in Space (confirms that the app is registered in the system) but also authorizes it (defines what permissions in the system does the app have).
To obtain an access token, your application should use one of the authorization methods supported by Space:
|OAuth 2.0 authorization|
This method lets you implement one of the OAuth 2.0 authorization flows best suited for your application type. All these flows imply that your application obtains a temporary access token in the beginning of each communication session.
You select a particular authorization flow when you register the application in Space.
|Personal token authorization|
This method uses a permanent token to authenticate and authorize an application on behalf of the Space user who created the token. This method is easier to implement and manage than OAuth 2.0 authorization, but is potentially less secure.
You can create a personal token for the application in your profile in Personal Tokens.
Using the access token
Your application must send the obtained access token in the
Authorization header when making requests to Space endpoints. For example: