- Direct Access Implementation: You can use this implementation to authenticate and authorize trusted internal clients or services, such as authorization between services in the same cluster or authorization of whitelisted client applications.
- API Gateway Implementation: You can use this implementation to authenticate and authorize external, public clients and services such as third-party services, web applications, and native applications.
Direct Access Implementation

Direct access implementation uses authentication that includes client credentials (Client ID and Client Secret) in the authorization request header. You’ll receive the client’s credentials when you register that client in IAM Client Management. After registering the client, you can use those credentials in the authorization request header to create an access token (JSON Web Token format) for that client. The access token is used to authorize every request made to IAM, to grant access to the related services or resources. The default expiration time of the token is four hours, which can be extended using the refresh token that is automatically created during a successful authentication request.
API Gateway Implementation

API gateway implementation offers greater security when authorizing access to backend services, by issuing a session ID to the client application instead of an access token. With this implementation, the access token and client secret are stored in the API gateway. The client must request access to the backend services by sending the session ID to the API gateway, and the API gateway will authorize the session ID and pass the access token to IAM.
Just like access tokens, a session ID expires after four hours and can be extended using a refresh ID, which is provided during the authentication request. The refresh will be performed automatically before the session ID expires.
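The session-ID pattern described above can be sketched as a gateway-side store that keeps the access token server-side and hands the client only opaque IDs. This is an added example, not AccelByte's implementation: `GatewaySessionStore`, its method names and the in-memory dictionary are hypothetical, and renewing the access token with IAM is assumed to happen elsewhere.

```python
import hmac
import secrets
import time

SESSION_TTL = 4 * 60 * 60  # four-hour session lifetime described above


class GatewaySessionStore:
    """Hypothetical gateway-side store: clients only ever hold opaque IDs."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested
        self._sessions = {}  # session_id -> [access_token, refresh_id, expires_at]

    def open_session(self, access_token):
        """Keep the token in the gateway; return (session_id, refresh_id)."""
        session_id = secrets.token_urlsafe(32)
        refresh_id = secrets.token_urlsafe(32)
        expires_at = self._clock() + SESSION_TTL
        self._sessions[session_id] = [access_token, refresh_id, expires_at]
        return session_id, refresh_id

    def _live_entry(self, session_id):
        """Return the entry if it exists and has not expired, else None."""
        entry = self._sessions.get(session_id)
        if entry is not None and self._clock() >= entry[2]:
            del self._sessions[session_id]  # expired sessions are dropped
            entry = None
        return entry

    def token_for(self, session_id):
        """Resolve a session ID to the stored access token for forwarding."""
        entry = self._live_entry(session_id)
        return entry[0] if entry else None

    def refresh(self, session_id, refresh_id):
        """Extend a live session when the matching refresh ID is presented."""
        entry = self._live_entry(session_id)
        if entry is None:
            return False
        # Constant-time comparison so the check does not leak ID prefixes.
        if not hmac.compare_digest(entry[1].encode(), refresh_id.encode()):
            return False
        entry[2] = self._clock() + SESSION_TTL
        return True
```

A leaked session ID in this design exposes neither the JWT nor the client secret, and deleting its entry from the store revokes it immediately.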
- Check out API Reference for more information on authentication and authorization.
- Authentication and authorization is the gateway to all AccelByte backend services. After setting up your access tokens, you might want to manage your user account, create a campaign, or catalog your games and add-ons for sale.