Understanding authorized access tokens



The authorized access token (AAT) is now the default format for OAuth 2.0 access tokens in Pega Platform. AATs replace the opaque tokens that were used previously.

Authorized access tokens

AATs are self-contained, compact, and digitally signed to be tamperproof.

Pega Platform manages AATs with autogenerated claims and a built-in key rotation strategy. It uses the JSON Web Token (JWT) and JSON Web Signature (JWS) standards for managing authorized access tokens.

AATs are fully backward compatible. They have the same ease of use as opaque tokens, which are used in versions of Pega Platform earlier than 8.5.

Sample AAT

The following image shows a sample AAT with information on what each part of the token contains:
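
An added example, not Pega's sample token or Pega Platform code: a constructed JWS compact token split into its header, payload and signature parts, showing why a changed claim fails verification. The key, the claims and the HS256 algorithm are assumptions made for the demo; the page does not state which signing algorithm or claims AATs use.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
HEADER = {"alg": "HS256", "typ": "JWT"}  # HS256 is an assumption for this demo
CLAIMS = {"iss": "https://idp.example", "sub": "operator@example.com", "exp": 1900000000}  # constructed

def b64url(raw: bytes) -> str:
    """Base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def unb64url(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def segment(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def sign_compact(header: dict, claims: dict, key: bytes) -> str:
    """Build header.payload.signature; the MAC covers 'header.payload'."""
    signing_input = segment(header) + "." + segment(claims)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify_compact(token: str, key: bytes) -> dict:
    """Return the claims only if structure, algorithm and signature check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(unb64url(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(unb64url(sig_b64), expected):
        raise ValueError("signature mismatch")
    return json.loads(unb64url(payload_b64))

def tamper_claim(token: str, name: str, value) -> str:
    """Rewrite one claim but keep the old signature, as an altered token would arrive."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(unb64url(payload_b64))
    claims[name] = value
    return ".".join((header_b64, segment(claims), sig_b64))

if __name__ == "__main__":
    token = sign_compact(HEADER, CLAIMS, KEY)
    print(token)
    print(verify_compact(token, KEY))
```

A resource server that holds the verification key can validate such a token locally, which is what "self-contained" means in practice; an opaque token carries no readable claims and has to be looked up at the issuer.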
