Access Token and "me" Literal
Kii Cloud REST API confirms the user's permission to execute a function by the access token sent from the client. Execution of the function can be allowed or blocked based on the security setting as the access token allows to determine who attempts to run the operation.
You can specify these four access tokens:
|Type of Token||Usage|
|User token||Access token to be obtained by the user login. Functions are executed with the user's permission.|
|Thing access token||Access token to be obtained by the thing onboarding. This token is used to process things for IoT solutions. Functions are executed with the thing's permission.|
|App administrator token||Access token to be obtained by using the ClientID and the ClientSecret of the application. Functions are executed with the administrator's permission.|
|Anonymous user token||Access token to be obtained by using the AppID of the application. Functions are executed with the anonymous user's permission.|
Once an access token is obtained, embed it to the
Authorization: Bearer header in subsequent processes to send API requests. Functions are executed based on the specified token's permission.
When a user token is specified, the "/me" literal which represents the user can be used in the resource URL. The "/me" literal in the URL is processed as the ID of the user identified with the user token. See also Resource URL and User Representation.
The "/me" literal cannot be used when the specified access token is any non-user token.