Self-service M2M tokens for end-users and workflows

M2M (Machine-to-Machine) authentication using client credentials and access tokens is essential for securely connecting internal services and enabling automated workflows. With Frontegg, you can generate and manage M2M tokens to streamline communication between your systems or provide end-users with secure API access. This approach ensures efficient, secure interactions while maintaining granular control over permissions and access levels.


Token contexts

User tokens

User tokens are tied to individual users and include the following:

  • The user context.
  • The roles and permissions assigned to the user on the active account (tenant).

User tokens are ideal for user-specific operations and are automatically deleted when the associated user is removed from the system.

Tenant tokens

Tenant tokens are associated with an account (tenant) rather than a specific user. These tokens are useful for account-wide operations and their roles and permissions are defined by the scopes granted during token creation.


Token types

Client credentials tokens

Client Credentials Tokens can be used in both User and Tenant contexts for passwordless authentication methods, such as magic codes or links. Key features include:

  • Time sensitivity: Tokens are valid for a limited period and are designed for short-term authentication.
  • Refresh token rotation: Up to 100 refresh tokens can be active at the same time; the 101st refresh invalidates the oldest one.
  • Header usage: The client credentials are exchanged for a bearer token, which is then passed in the Authorization header.
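The rotation rule above (at most 100 active refresh tokens, the 101st refresh evicting the oldest) is easy to get wrong when you mirror it in your own token store or write tests against it. The following is an added example written for this page, not Frontegg's code: a small in-memory model of a per-client sliding window of refresh tokens. The client id `client-a`, the `issue`/`refresh`/`revoke` method names and the choice that a presented token stays valid until it ages out of the window are assumptions of the model, not details taken from the page.

```python
"""Model of the refresh-token rotation rule described on the page.

Constructed illustration for this page; not Frontegg's implementation.
"""
import secrets
from collections import OrderedDict

MAX_ACTIVE_REFRESH_TOKENS = 100  # limit stated on the page


class RefreshTokenStore:
    """Per-client sliding window of active refresh tokens, oldest first."""

    def __init__(self, max_active: int = MAX_ACTIVE_REFRESH_TOKENS):
        self.max_active = max_active
        # client_id -> OrderedDict used as an ordered set of active tokens;
        # insertion order is age order, so the first entry is the oldest.
        self._active: dict = {}

    def _add(self, client_id: str) -> str:
        tokens = self._active.setdefault(client_id, OrderedDict())
        token = secrets.token_urlsafe(32)  # 256 bits of entropy
        tokens[token] = True
        # Enforce the cap: adding the (max_active + 1)th token evicts the oldest.
        while len(tokens) > self.max_active:
            tokens.popitem(last=False)
        return token

    def issue(self, client_id: str) -> str:
        """Initial grant, e.g. after a successful client-credentials exchange."""
        return self._add(client_id)

    def refresh(self, client_id: str, presented: str) -> str:
        """Rotate: a currently active refresh token yields a new one.

        Assumption of this model: the presented token stays active until it
        ages out of the window. Unknown or evicted tokens are rejected.
        """
        tokens = self._active.get(client_id)
        if tokens is None or presented not in tokens:
            raise PermissionError("refresh token is unknown or has been invalidated")
        return self._add(client_id)

    def revoke(self, client_id: str, token: str) -> None:
        """Explicitly invalidate one token (logout, suspected leak)."""
        self._active.get(client_id, OrderedDict()).pop(token, None)

    def is_active(self, client_id: str, token: str) -> bool:
        return token in self._active.get(client_id, {})

    def active_count(self, client_id: str) -> int:
        return len(self._active.get(client_id, {}))


def demo_window() -> dict:
    """Walk through the page's rule: 100 tokens fit, the 101st evicts the first."""
    store = RefreshTokenStore()
    first = store.issue("client-a")        # hypothetical client id
    latest = first
    for _ in range(99):                    # 99 refreshes -> 100 active tokens
        latest = store.refresh("client-a", latest)
    first_active_at_100 = store.is_active("client-a", first)
    store.refresh("client-a", latest)      # 101st token: the oldest goes away
    return {
        "count": store.active_count("client-a"),
        "first_active_at_100": first_active_at_100,
        "first_active_at_101": store.is_active("client-a", first),
    }


if __name__ == "__main__":
    print(demo_window())
```

Because eviction is silent, an integration that holds on to a long-lived refresh token while other automations keep refreshing can find that token rejected without any explicit revocation; `revoke` is there to show the difference between an eviction you did not ask for and a revocation you did.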

Access tokens

Access Tokens are versatile and can also be used in both User and Tenant contexts. They are designed for longer-term authentication and role-based access control. Key features include:

  • Flexible expiration: Tokens can be configured with specific validity periods to suit your application's requirements.
  • Direct usage: These tokens are JWTs that can be used immediately without additional exchange processes.
  • Header usage: These tokens are passed in the X-API-KEY header.

Select the type of M2M tokens for your environment

See the detailed guide on choosing the right token type for your environment; it also explains how to programmatically create personal or API (account) tokens.

Allow M2M for end-users

Learn how your end users can independently create M2M tokens through Frontegg's self-service portal and interact with your APIs. See the full self-service M2M tokens guide for the details.