Skip to main content

What are Access Tokens?

Anedya Access Tokens are temporary credentials that you can distribute to your users to access certain nodes and actions. Access Tokens are time-limited, i.e. they expire in a relatively short period. Each token has an access policy attached to it based on which bearer of the token is granted access. Using access tokens clients can fetch data directly from Anedya's APIs.

For a detailed understanding, let's understand a scenario of an IoT application. Imagine you are in the automobile sector and you manufacture vehicles that have IoT features, for example, your customer can visualize the speed of a vehicle over a certain period in the form of a nice graph.

Conventional Flow

So, how you will approach this problem? A standard flow of events is shown below:

Docusaurus themed imageDocusaurus themed image
  • Client initiates request
  • Your backend service authenticates the client
  • Application backend queries database service and retrieves data
  • Application backend reverts data back to client

In this case, you'll be developing the data handling APIs and will also be required to put in management effort in terms of scaling it when thousands of users are querying data. Also, notice that the application backend also goes to query in the database service. If you are using some cloud-hosted database service, that adds to latency as well, appearing sluggish in the user experience. And if you are managing your database, that's another level of management headache.

Enter Anedya Access Tokens! They are developed to solve this exact problem.

When you use Anedya for your IoT application, it does not only take care of storing data in a very performant storage backend, but it also takes care of how that data is delivered to your applications. Let's consider the same scenario again, this time using Anedya!

Flow when Using Anedya Access Tokens

When using Anedya Access Tokens, the flow is divided into two parts:

Docusaurus themed imageDocusaurus themed image

At this point, the application has an access token and stores it for future use. In the next step instead of calling the application backend, the client can directly call Anedya APIs to get the device data. Anedya takes care of authorization and access control as defined in the token policy.

Docusaurus themed imageDocusaurus themed image

You can define the expiry of Access Tokens and can even revoke them before expiry. Once the token expires, the application can request another token from the backend service.

This architecture has the following benefits:

  • Unless there's a very customized need, your application backend does not need any data handling APIs
  • Application backend does not require to be scaled with clients making more queries, Anedya handles all the scalability
  • The user perceives an improved response time, as data is delivered directly to the client.
Last updated on