# Access tokens

Access tokens are strings that identify the client of an API recipe. The token value is a secret that is shared between a client and the Workato server. A token is passed to the API in an authorization header. The header must have a valid value for the call to succeed.

Workato supports five token formats:

# Access token comparison

The following table compares the supported token formats based on setup simplicity, reuse, and token lifecycle. Use this comparison to choose the method that best fits your security model and integration requirements:

Auth Token OAuth 2.0 OAuth 2.0 (Token Introspection) JSON Web Token (JWT) OpenID Connect
Simple to set up and use in API requests. Yes Yes No Yes Yes
Represents a Workato access profile or API key. Yes Yes Yes Yes Yes
Can be reused for multiple web applications. No Yes Yes No Yes
Tokens with limited validity. No Yes Yes Optional Yes


Last updated: 5/8/2025, 3:37:17 PM