API Reference

Introduction to Access Control

Tokens

All access to the Pillars system is controlled by Tokens.

There are a few basic properties of a token (see Authentication/token/{token})

  • Access - Defines a list of permissions granted to that token
  • Environment - Defines the environment associated with the token.
  • Scope - Limits the scope of a token to a Node and that Node's downline.

Access Tokens

Access Tokens are used when an external service need access to the Pillars APIs but does not want to authenticate for a particular user. These are used for Server to Server API calls.

  • Access Tokens can be saved and should be kept secure. See Keeping your API access tokens secure
  • Access Tokens are never tied to a user.
  • Access Tokens do not expire.
  • Access Tokens are always associated with an environment.

For instructions on generating an Access Token see Managing Access Tokens

User Tokens

User Tokens are used to access the Pillars APIs by a particular user. These are used by the User Interface.

  • User Tokens should never be saved.
  • User Tokens are always tied to a user.
  • User Tokens do expire.
  • User Tokens may not initially be associated with an environment.

For instructions on generating an Access Token see Managing User Tokens