To understand this API's various URL resources and the data it exchanges, it helps to be familiar with the following concepts:

  • Authorization code. Code issued to a user following a successful authentication. This code is then exchanged for an access token and a refresh token. See JavaScript SDK access tokens and codes for more information.

  • Access token. Presented each time a user requests access to a protected resource such as a user profile. Users are granted access, or denied access, based on the authorization rights assigned to the access token. See JavaScript SDK access tokens and codes for more information.

  • Refresh token. Provides a way to obtain a new access token any time a user’s current access token expires. By default, access tokens are short-lived, expiring after one hour. Without a refresh token, users would need to reauthenticate each time an access token expires. See JavaScript SDK access tokens and codes for more information.

  • Traditional login and registration. Users create accounts (and then log in to those accounts) by using an email address and password. See JavaScript SDK registration overview for more information.

  • Social login and registration. Users create accounts (and then log in to those accounts) by leveraging an account previously created on a social login identity provider such as Twitter or Facebook. This enables users to log in to an Identity Cloud website by using their Twitter account instead of needing unique Identity Cloud login credentials. See JavaScript SDK registration overview for more information.

  • OAuth. Recognized standard for granting authorization to resources. Note that the Authentication APIs don’t use the same version of OAuth that Hosted Login uses.

  • Linked accounts. Provides a way to connect one or more social login accounts to a traditional user account. In turn, users can then log in by:

    • Using their email address and password.
    • Using one of their linked social login accounts (Twitter, Facebook, etc.).

    See Link or unlink accounts for more information.