# Access tokens
Access tokens are strings that identify the client of an API recipe. The token value is a secret that is shared between a client and the Workato server. A token is passed to the API in an authorization header. The header must have a valid value for the call to succeed.
Workato supports five token formats:
# Access token comparison
The following table compares the supported token formats based on setup simplicity, reuse, and token lifecycle. Use this comparison to choose the method that best fits your security model and integration requirements:
Auth Token | OAuth 2.0 | OAuth 2.0 (Token Introspection) | JSON Web Token (JWT) | OpenID Connect | |
---|---|---|---|---|---|
Simple to set up and use in API requests. | Yes | Yes | No | Yes | Yes |
Represents a Workato access profile or API key. | Yes | Yes | Yes | Yes | Yes |
Can be reused for multiple web applications. | No | Yes | Yes | No | Yes |
Tokens with limited validity. | No | Yes | Yes | Optional | Yes |
Last updated: 5/8/2025, 3:37:17 PM