The IoT-dedicated Token Access Control application allows you to create and manage collections of public keys. It provides a mechanism for uploading public keys into key collections, testing key collections before going live, and creating versions of these key collections to enable frictionless public key rotation.

You can reference the key collections created in Token Access Control across multiple products and properties within your account. Typically, you need to reference public key collections in the JWT verification behaviors of OTA Updates to indicate the public keys that you want to use to check JWT signatures in clients' requests.

You can also rotate public keys that your property uses. Independent of your property's life cycle, Token Access Control lets you create versions of property-referenced key collections and update public keys stored in them.

Depending on the level of access that you want to have to Token Access Control, you need an appropriate permission assigned by the administrator. For more information on JWT permissions, see Add JWT permissions to a user role.

Developer tools

• IoT Token Access Control API v1