What are client and access tokens and how to share them

What are client and access tokens?

 

Client and access tokens are used to connect your Mews Operations environment to other external services by using the Mews Open API.

 

• Client tokens: A security token integration partners use to authenticate their applications when accessing the Mews Open API. The Client token is shared by the Mews Technical Partnerships team when integrating with Mews and it should not be shared by or with Mews afterwards, as it contains sensitive information owned by the integration. 

 

• Access tokens: A security token generated by each unique marketplace integration. Used for accessing the property’s data through the Mews Open API. You should keep your Access token safe. With this token, anyone can access all your data.

 

In certain situations, you may be required to share information that can contain either these client or access tokens. For example, when sharing log files with technical support or configuring a new integration.

As these tokens are used to access sensitive information in Mews Operations, it is extremely important to share the access and client tokens securely to prevent a security breach.

 

How to share your client and access tokens?

 

The two secure forms to publicly share your tokens are:

 

1. In the file that you're sharing, leave only the first and last 4 characters of the token. For example, Client Token: "E0D4***9E1D" and Access Token: "C66E***453D".
2. Use a service as One Time Secret to share the token with a secure link. After you share it through this service, the link expires, and the token won't be stored.

 

You can learn more about client and access tokens in the Mews Open API.