Access tokens

JSON Web Tokens authorize a user to access IBM® ESG Suite from a third-party application.

The JSON Web Token (JWT) is typically a long string of randomized alphanumeric characters without any obvious patterns. It is not human readable and is nearly impossible to memorize; it is meant for computer applications to consume, to communicate with each other, and to use for authentication. An access token can be created and revoked independently of the password associated with the user account. Although an API access token is associated with a single user account, multiple API access tokens can be created and manipulated independently. Permissions or scopes for each access token can be modified individually after the token is created. This allows access to specific resources to be granted or restricted. Similar to passwords, API access tokens must be protected and secured.

JWT tokens provide the following benefits:
  • Improved security: JWT tokens reduce risks in the event that user credentials are compromised. You can reduce the scope of a credentials compromise by using an access token for automated tasks. You reduce the risk by using an application-specific token. The token does not expose the broader system in the event that automation or script files are compromised. If a token is compromised or is used in automation that is failing or posing a risk, you can revoke the token, but you do not need to revoke the credentials of the user.
  • Auditing and tracking: Similar to when a user logs in to the web application, the system tracks when an access token is used, what sessions are created from that token, and the actions that are performed in those sessions.
  • Manage automation: A token can be created for each script or task that accesses the Envizi ESG Suite APIs. This allows you to silo and review automation tasks across your organization. Additionally, by using tokens, password reset or metadata changes on the account of a user, such as a change of email address, will not disrupt automation, in comparison to the traditional approach where user credentials were hard-coded into automation scripts.
A JWT token can be generated by any user who has access to the Envizi ESG Suite platform, with the exception of users with view-only access. The user must be granted the permission to create personal access tokens.
Tip: Generate a JWT token for a generic login and use it for your API connections instead of generating the token for an individual user login.
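
Because access tokens must be protected like passwords, automation scripts should read them at run time rather than carry them as literals. The following added example (not IBM or Envizi code) flags JWT literals embedded in script text; it assumes the tokens use the standard three-segment JWS compact form, and the sample token, its claims and the `ESG_API_TOKEN` variable name are constructed for illustration.

```python
import base64
import json
import re

# JWS compact form: three base64url segments joined by dots. A JSON object
# header always encodes to a segment that starts with "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def decode_segment(segment):
    """Decode one base64url segment to a dict; None if it is not a JSON object."""
    try:
        value = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def find_embedded_tokens(text):
    """Return (line_number, claim_names) for each JWT literal found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in JWT_RE.finditer(line):
            header_seg, payload_seg, _sig = match.group(0).split(".")
            header, payload = decode_segment(header_seg), decode_segment(payload_seg)
            # Require a header carrying "alg" to cut false positives.
            if header is None or "alg" not in header or payload is None:
                continue
            # Report claim names only, never the token or its claim values.
            findings.append((lineno, sorted(payload)))
    return findings


def encode_segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: made-up claims, dummy signature, hypothetical env var name.
SAMPLE_TOKEN = ".".join([encode_segment({"alg": "HS256", "typ": "JWT"}),
                         encode_segment({"sub": "automation-user", "exp": 1900000000}),
                         "c2lnbmF0dXJl"])
SAMPLE_SCRIPT = (
    "import os\n"
    f'TOKEN = "{SAMPLE_TOKEN}"  # hard-coded literal\n'
    'TOKEN = os.environ["ESG_API_TOKEN"]  # read at run time\n'
)

if __name__ == "__main__":
    for lineno, claims in find_embedded_tokens(SAMPLE_SCRIPT):
        print(f"line {lineno}: embedded JWT, claims {claims}")
```

A token found this way should be treated as exposed: revoke it and issue a replacement that the script loads from a secret store or environment variable.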