Authentication and authorization Confirms user identity and controls access to resources using predefined permissions. Introduction to Aspera authentication and authorizationA transfer server can use either SSH, HTTPS, or WebSocket authentication and authorization for browsing and transfers. Require token authorization: Set in the GUIWhen transfer users or groups are configured to require token authorization, transfers only initiated with a valid token (transfer token, basic token, or bearer token) are allowed to transfer to or from the server. Token authorization can be set independently for incoming transfers and outgoing transfers.Require token authorization: Set from the command lineWhen transfer users or groups are configured to require token authorization, transfers only initiated with a valid token (transfer token, basic token, or bearer token) are allowed to transfer to or from the server. Token authorization can be set independently for incoming transfers and outgoing transfers.Transfer token creation with the Node APIUse the Node API to create transfer tokens. Transfer token generation (astokengen)The astokengen command line tool can be used to generate and decode transfer tokens. Use astokengen only during development for debugging purposes, and use the Node API for production systems.Access key authenticationAccess key authentication provides an alternative to entering the security credentials of a Node API user or system user. Because an access key is restricted to its own storage (local or cloud), it allows access control and usage reporting to be segregated by storage. This offers significant benefits to multi-tenant service providers and enterprise installations with multiple departments. Basic tokensA basic token is created from an access key ID and secret, which authorizes a transfer user access to a specific area of a storage and authenticates that user to the storage. Basic tokens are less restrictive than transfer tokens. They can be used to transfer with any Aspera® server that supports access keys (except forIBM Aspera on Cloud).Bearer tokensThe bearer token is a JWT payload that securely transfers files as a JSON object. A trusted authority that can create JWT can be used to create Bearer Tokens that the Node API can validate to allow Node user authentication. A bearer token is created from an access key ID, access key secret, and an SSL private-public key pair. Bearer token authentication is required for transfers to and from IBM Aspera on Cloud. Parent topic: High-Speed Transfer Server Admin Guide for Linux