OAuth Tokens and Personal Access Tokens
Integrations GraphQL Training Authentication and Authorizations

OAuth Tokens and Personal Access Tokens

What are OAuth Tokens?

You don’t want to give a password of a 4me user to an application or integration layer. In the event of a breach in that application or in the integration layer, you want the 4me password to remain safe. And you want the integration to have access only to the data that are really required and nothing more.

That’s where OAuth Tokens come into play. You will not share password data but instead OAuth Tokens with your integrations. Based on these OAuth Tokens and on the scope you define for the OAuth Token you will allow an integration to access the 4me service without giving away your password. And you are able to specify excactly what the integration is allowed to create, read, update and delete.

You can obtain an OAuth token either by generating a Personal Access Token from My Profile in 4me, or by creating an OAuth Application from the Settings console in 4me.

In this training you will use a Personal Access Token. When you build an integration we advise you to create an OAuth Application.

Creation of a Personal Access Token

Let’s create now a Peronal Access Token for Howard Tanner that you will use in the exercises during the rest of this training. To do so, log in as Howard Tanner to Widget Data Center and click on the avatar of Howard in the upper right. Select the option ‘My Profile’.

Next, open the ‘Personal Access Tokens’ section. Click on the ‘Generate new token’ button or on the ‘+’ sign in the header bar to create a new Personal Access Token.


Personal Access Token


Give your Personal Access Token a name. This name should be meaningful. In this case you could name your personal access token ‘Integrations Training’.

A Personal Access Token has a Scopes section in which you will need to define what record types can be accessed. Click on the Add record types button and check the list of available record types.
Personal Access Token - Record Types
It is a bad practice to give more access rights to a personal access token than needed. So for now you will not add any record types to the scope. You will do so at the start of each exercise, making sure that this personal access token has access to the relevant record types and nothing more.


Note that a personal access token from Howard Tanner will never gain more access than Howard Tanner has. As Howard Tanner has the Account Administrator role of five 4me accounts, his personal access token can get access to most of the record types in the list.



For the exercises in this training, you will only need to access records from the Widget Data Center account and from the Widget International (directory) account. Specify in the scope section of your peronal access token these two accounts.
Personal Access Token - Account Scope

Now you can generate your token. To the right of the newly generated token you have a Copy function. Make sure to copy your new personal access token and save it in a .txt file or note. You will not be able to see the token again, and you cannot recover it later.

Personal Access Token - Token Generation

Next Topic