MindTouch Success Center

Browser API Tokens

Applies to:
All MindTouch Versions
Role required:
Learn how browser API tokens provide secure cross-origin web application integrations with the MindTouch API.

Why You Need a Browser API Token

Browser API tokens are sent to the MindTouch API from a website, a web application, or anything else that runs in a web browser. Implementations that use browser API tokens are written in browser-executable languages such as JavaScript.

Normally, web browsers such as Google Chrome or Mozilla Firefox do not allow JavaScript applications running on one website to access data from another. Browsers block cross-origin requests and responses because of the security issues they can cause, especially if one website's JavaScript application uses the cookies of another website to impersonate a user's identity for nefarious purposes. However, a website can declare which third-party websites can securely access its data using Cross-Origin Resource Sharing (CORS). Browser API tokens allow developers to implement CORS in a safe and secure manner. In addition to CORS, browser API tokens also allow same-origin API access from JavaScript executed in content on a MindTouch site to the same site's API.

A browser API token has no specific user permissions for the API to determine which operations are or aren't allowed. User permissions are determined by the web browser session's authtoken HTTP cookie. If the user accessing the integration has not signed in to the MindTouch site, then the API considers the user to be an anonymous user.
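
The following is an added example, not MindTouch code and not part of the original article: a small JavaScript model of the decision described above, in which the token only gates which origin may call the API and the `authtoken` cookie alone decides who the user is. The token-to-origin registration, the session table, and every name and value in it are assumptions constructed for illustration.

```javascript
// Constructed model, not MindTouch's implementation.
// Assumption: each browser token is registered with the origins allowed to use it.
const TOKENS = { "tok_example_123": ["https://app.example.com"] };
// Assumption: sessions are looked up by the value of the authtoken cookie.
const SESSIONS = { "sess_alice": "alice" };
const SITE_ORIGIN = "https://site.example.com"; // hypothetical MindTouch site

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Parse a Cookie header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// origin: origin of the page making the request; token: browser API token;
// cookie: raw Cookie header the browser attached to the request.
function evaluateRequest({ origin, token, cookie }) {
  if (!own(TOKENS, token)) return { status: 403, reason: "unknown token" };
  const sameOrigin = origin === SITE_ORIGIN;
  if (!sameOrigin && !TOKENS[token].includes(origin)) {
    return { status: 403, reason: "origin not allowed for token" };
  }
  // The token carries no permissions: identity comes only from the session cookie.
  const session = parseCookies(cookie).authtoken;
  const user = own(SESSIONS, session) ? SESSIONS[session] : "anonymous";
  // Credentialed CORS responses must name the exact origin; "*" is rejected by browsers.
  const headers = sameOrigin ? {} : {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
  return { status: 200, user, headers };
}
```

A valid token with no `authtoken` cookie still gets a response, but as the anonymous user, so a browser token that leaks grants nothing beyond anonymous access from its registered origins.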
