The Mavryx API distinguishes three types of tokens depending on the scenario:
Type | Access | Description |
---|---|---|
Application token (the application acts on its own behalf) | It has access only to application data. | Backend application storing the token securely on the server side (may have high permissions). |
User-acting application token (the application acts on behalf of the user) | It has access to both application and user data. | Frontend/backend application storing the token securely on the server side (may have high permissions) or publicly (reduced permissions, such as viewing certain elements only). |
User token | It has access only to user data. | Frontend application with reduced permissions. |
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication/authorization will also fail.

```json
{
  "alg": "RS256",
  "typ": "application/oauth2+access_token+jwt"
}
```
Application token
```json
{
  "jti": "befd7808-1250-4ee1-90bb-6a179ac49517",
  "iss": "auth-dev.mavryx.solutions",
  "aud": [
    "*.mavryx.solutions",
    "*.mavryx.software"
  ],
  "nbf": 1712143670,
  "iat": 1712143670,
  "exp": 1712147270,
  "sub": "auth-dev.mavryx.solutions/client/069aa47b-1dd8-4273-80ba-1b4dadea8ff4",
  "mrx_cid": "ee25b904-e0fe-4d91-9913-85d1496a8765",
  "mrx_typ": "application",
  "scope": [
    "app:me:*"
  ]
}
```
Field Name | Type | Related | Description |
---|---|---|---|
jti | Mavryx/Types/Uuid | | Token identifier |
iss | Mavryx/Types/String | | Who generated the token |
aud | Mavryx/Types/Array | | Who the token is intended for |
nbf | Mavryx/Types/Integer | | The time (Unix Epoch time) from which the token can be used |
iat | Mavryx/Types/Integer | | The time (Unix Epoch time) when the token was generated |
exp | Mavryx/Types/Integer | | The expiration time (Unix Epoch time) of the token |
sub | Mavryx/Types/String | | For whom the token was generated |
scope | Mavryx/Types/Array | | List of scopes |
mrx_cid | Mavryx/Types/Uuid | Mavryx/Client | Client ID for which the token was generated |
mrx_typ | Mavryx/Types/String | | Token type: user, application |
User-acting application token
```json
{
  "jti": "befd7808-1250-4ee1-90bb-6a179ac49517",
  "iss": "https://auth-dev.mavryx.solutions",
  "aud": [
    "*.mavryx.solutions",
    "*.mavryx.software"
  ],
  "nbf": 1712143670,
  "iat": 1712143670,
  "exp": 1712147270,
  "sub": "https://auth-dev.mavryx.solutions/client/069aa47b-1dd8-4273-80ba-1b4dadea8ff4",
  "mrx_cid": "ee25b904-e0fe-4d91-9913-85d1496a8765",
  "mrx_uid": "f8874230-737a-4f05-bd7c-c6b8e014cc10",
  "mrx_acid": "4230f887-737a-4f05-bd7c-c6b8e014cc10",
  "mrx_typ": "user",
  "mrx_votp": true,
  "scope": [
    "app:me:*",
    "account:me:*"
  ]
}
```
Field Name | Full name | Type | Related | Description |
---|---|---|---|---|
jti | JSON Token ID | Mavryx/Types/Uuid | | Token identifier |
iss | Issuer | Mavryx/Types/String | | Who generated the token |
aud | Audience | Mavryx/Types/Array | | Who the token is intended for |
nbf | Not before | Mavryx/Types/Integer | | The time (Unix Epoch time) from which the token can be used |
iat | Issued at | Mavryx/Types/Integer | | The time (Unix Epoch time) when the token was generated |
exp | Expire at | Mavryx/Types/Integer | | The expiration time (Unix Epoch time) of the token |
sub | Subject | Mavryx/Types/String | | For whom the token was generated |
scope | Scope | Mavryx/Types/Array | | List of scopes |
mrx_cid | Client ID | Mavryx/Types/Uuid | Mavryx/Client | Client ID for which the token was generated |
mrx_uid | User UUID | Mavryx/Types/Uuid | Mavryx/User | User UUID for which the token was generated |
mrx_acid | Account UUID | Mavryx/Types/Uuid | Mavryx/Account | Account UUID for which the token was generated |
mrx_typ | Token type | Mavryx/Types/String | | Token type |
mrx_votp | MFA | Mavryx/Types/Boolean | | Whether MFA was passed |
User token
```json
{
  "jti": "befd7808-1250-4ee1-90bb-6a179ac49517",
  "iss": "https://auth-dev.mavryx.solutions",
  "aud": [
    "*.mavryx.solutions",
    "*.mavryx.software"
  ],
  "nbf": 1712143670,
  "iat": 1712143670,
  "exp": 1712147270,
  "sub": "https://auth-dev.mavryx.solutions/user/f8874230-737a-4f05-bd7c-c6b8e014cc10",
  "mrx_uid": "f8874230-737a-4f05-bd7c-c6b8e014cc10",
  "mrx_typ": "user",
  "mrx_votp": true,
  "scope": [
    "account:me:*"
  ]
}
```
Field Name | Full name | Type | Related | Description |
---|---|---|---|---|
jti | JSON Token ID | Mavryx/Types/Uuid | | Token identifier |
iss | Issuer | Mavryx/Types/String | | Who generated the token |
aud | Audience | Mavryx/Types/Array | | Who the token is intended for |
nbf | Not before | Mavryx/Types/Integer | | The time (Unix Epoch time) from which the token can be used |
iat | Issued at | Mavryx/Types/Integer | | The time (Unix Epoch time) when the token was generated |
exp | Expire at | Mavryx/Types/Integer | | The expiration time (Unix Epoch time) of the token |
sub | Subject | Mavryx/Types/String | | For whom the token was generated |
scope | Scope | Mavryx/Types/Array | | List of scopes |
mrx_uid | User ID | Mavryx/Types/Uuid | Mavryx/User | User ID for which the token was generated |
mrx_typ | Token type | Mavryx/Types/String | | Token type |
mrx_votp | MFA | Mavryx/Types/Boolean | | Whether MFA was passed |
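
A resource server receiving one of these tokens has to check more than the signature. The following is an added example, not Mavryx code, of the claim checks the three payloads above imply: it pins the documented `alg`/`typ` header, checks `iss`, `aud`, `nbf`/`exp`, and tells the three token kinds apart by their `mrx_*` claims. It assumes the RS256 signature has already been verified; the `*.` audience semantics, the host `api.mavryx.solutions` used in the usage note, and all function names are assumptions.

```python
import time

# Header values the page documents for Mavryx access tokens.
EXPECTED_ALG = "RS256"
EXPECTED_TYP = "application/oauth2+access_token+jwt"

def aud_matches(patterns, host):
    # Assumption: "*.example.tld" covers subdomains of example.tld only.
    return any(p == host or (p.startswith("*.") and host.endswith(p[1:])
                             and len(host) > len(p) - 1) for p in patterns)

def classify(claims):
    """Map the mrx_* claim combination to one of the three documented kinds."""
    typ = claims.get("mrx_typ")
    cid, uid = "mrx_cid" in claims, "mrx_uid" in claims
    if typ == "application" and cid and not uid:
        return "application"
    if typ == "user" and cid and uid and "mrx_acid" in claims:
        return "user-acting application"
    if typ == "user" and uid and not cid:
        return "user"
    raise ValueError("claims match no documented token shape")

def validate(header, claims, issuers, host, now=None, require_mfa=False):
    """Return the token kind or raise ValueError (signature already verified)."""
    now = time.time() if now is None else now
    if header.get("alg") != EXPECTED_ALG or header.get("typ") != EXPECTED_TYP:
        raise ValueError("unexpected alg/typ in header")
    if claims.get("iss") not in issuers:
        raise ValueError("untrusted issuer")
    if not aud_matches(claims.get("aud", []), host):
        raise ValueError("token not intended for this host")
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not (isinstance(nbf, int) and isinstance(exp, int) and nbf <= now < exp):
        raise ValueError("outside nbf/exp window")
    kind = classify(claims)
    if require_mfa and kind != "application" and claims.get("mrx_votp") is not True:
        raise ValueError("MFA not passed")
    return kind

# Claims reduced from the page's sample payloads (constructed subset).
HEADER = {"alg": "RS256", "typ": EXPECTED_TYP}
COMMON = {"aud": ["*.mavryx.solutions", "*.mavryx.software"],
          "nbf": 1712143670, "iat": 1712143670, "exp": 1712147270}
APP = dict(COMMON, iss="auth-dev.mavryx.solutions", mrx_typ="application",
           mrx_cid="ee25b904-e0fe-4d91-9913-85d1496a8765")
USER = dict(COMMON, iss="https://auth-dev.mavryx.solutions", mrx_typ="user",
            mrx_uid="f8874230-737a-4f05-bd7c-c6b8e014cc10", mrx_votp=True)
ISSUERS = {"auth-dev.mavryx.solutions", "https://auth-dev.mavryx.solutions"}
```

Calling `validate(HEADER, APP, ISSUERS, "api.mavryx.solutions", now=1712143700)` returns `"application"`; the same call with `USER` returns `"user"`.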