Access Token

A short-lived credential a client presents to a resource server to access protected data. Access tokens are typically opaque or JWT-formatted, with lifetimes measured in minutes. Treat them as bearer secrets: anyone holding the token can use it.