Access token concept

An access token is a short-lived credential used to create a link. An access token contains the URL and secret code of a corresponding access grant.

Access tokens are issued from access grants. A grant issues zero or more tokens. Tokens are redeemed for links.

Access tokens have limited redemptions and limited lifespans. By default, they can be redeemed only once, and they expire 15 minutes after being issued. You can set custom limits by configuring the access grant.

The sequence for issuing and redeeming access tokens

A site wishing to accept a link (site 1) creates an access grant.
It uses the access grant to issue a corresponding access token and transfers it to a remote site (site 2).
Site 2 submits the access token to site 1 for redemption.
If the token is valid, site 1 sends site 2 the TLS host, port, and credentials required to create a link to site 1.