An access token is an opaque string that identifies a user or a user's privileges and can be used by applications to make API calls to WOZTELL.
The token includes information about when the token will expire and which user generated the token. There are different scopes and permissions of access tokens to support different use cases:
Access Token Type | Description |
---|---|
bot:admin | Grant all Bot APIs access |
bot:sendResponses | Grant permissions to send responses on behalf of bot |
bot:redirectMemberToNode | Grant permissions to redirect member to node on behalf of bot |
api:admin | Grant all APIs access |
integration:admin | Grant all Integration APIs access |
integration:write | Grant permissions to create & update Integration |
integration:delete | Grant permissions to delete Integration |
file:admin | Grant all File APIs access |
file:waGet | Grant permisisons to get file url by WhatsApp media ID |
member:admin | Grant all Member APIs access |
member:read | Grant permissions to read Member list by externalId or memberId |
member:write | Grant permissions to create & update Member |
Access tokens are generated via the following method. Please head to "Settings" -> "Access Tokens".
Head to "Access Tokens" under "Settings".
Go to "Generate Access Token".
Under the Active access tokens, the long and short tokens can be viewed in separate tabs.
Item | Description |
---|---|
Access Token | The generated access token, you may click to copy the token |
Creator | The user who generated the access token |
Scopes | The scopes & permissions granted |
Using for | The extension associated to the access token. "Woztell Platform" will be displayed if the access token is just generated by a user instead of an extension. |
Expired At | The expiration time of the access token; "Never" means the token is long-lived |
If an access token is generated by an extension, the associated extension will be displayed under "Using For". The tokens generated by extensions cannot be deleted manually by a user, unless the associated extension is uninstalled.
To revoke an access token, select "More" and then "Revoke".