App access token

AppAccessToken entities allow apps to act on their own in space environments in which they are installed.

In terms of access, an access token for an app:

  • is scoped to a specific space environment matching the space environment of an app installation
  • allows all actions on the following entity types: ContentType, EditorInterface, Entry, Asset, Locale, Tag, Task, Snapshot (only on master environment), and the app’s own AppInstallation
  • allows reading of the app’s configuration parameters

To obtain an access token, an app needs to use one of its active private keys (with a corresponding public key registered as an AppKey) to sign a JWT.

The following claims are mandatory:

  • iss: Issuer - sys.id value of the AppDefinition
  • exp: Expiry - number of seconds the JWT should be valid; not longer than 10 minutes
  • iat: Issued at - number representing a timestamp when the JWT was issued

The following header properties are mandatory:

  • typ: "JWT"
  • alg: "RS256"

A JWT created this way can be used to call the endpoint described below. The response will contain the value of the app access token as the token property. The token can be used to call CMA endpoints (as outlined above) for 10 minutes. The token can be cached until it expires.
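As an added example (not Contentful's own code), the Node.js code below signs such a JWT with the built-in crypto module and checks it locally against the header and claim rules above. It assumes exp is encoded as an absolute timestamp (iat plus the lifetime, as in RFC 7519); the function names, the placeholder AppDefinition id and the throwaway key pair are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const MAX_LIFETIME_S = 600; // the page caps JWT validity at 10 minutes
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Sign a JWT carrying the mandatory header properties and claims.
// Assumption: exp is an absolute timestamp (iat + lifetime), as in RFC 7519.
function signAppJwt(appDefinitionId, privateKey, lifetimeS = MAX_LIFETIME_S, nowMs = Date.now()) {
  if (!Number.isInteger(lifetimeS) || lifetimeS < 1 || lifetimeS > MAX_LIFETIME_S) {
    throw new RangeError(`lifetime must be 1..${MAX_LIFETIME_S} seconds`);
  }
  const iat = Math.floor(nowMs / 1000);
  const header = { typ: 'JWT', alg: 'RS256' };
  const claims = { iss: appDefinitionId, iat, exp: iat + lifetimeS };
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  // RSA-SHA256 with Node's default PKCS#1 v1.5 padding is what JWS calls RS256.
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Self-check with the public key registered as the AppKey, before sending the JWT.
function checkAppJwt(jwt, publicKey, nowMs = Date.now()) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, c, s] = parts;
  let header, claims;
  try { header = decode(h); claims = decode(c); } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; the token's own header must not choose how it is verified.
  if (!header || header.typ !== 'JWT' || header.alg !== 'RS256') return { ok: false, reason: 'bad header' };
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad signature' };
  const { iss, iat, exp } = claims || {};
  if (typeof iss !== 'string' || !Number.isInteger(iat) || !Number.isInteger(exp)) {
    return { ok: false, reason: 'missing claim' };
  }
  if (exp - iat > MAX_LIFETIME_S) return { ok: false, reason: 'lifetime too long' };
  if (exp <= Math.floor(nowMs / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample: throwaway key pair and a placeholder AppDefinition id.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleJwt = signAppJwt('APP_DEFINITION_ID_PLACEHOLDER', privateKey, 300);
console.log(checkAppJwt(sampleJwt, publicKey));
```

In a real app the private key is loaded from a secret store rather than generated at run time, and only the matching public key is registered as the AppKey.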

App access token

Issue a token for an app installation in a space environment