Authorization

The Messaging for In-App and Web API supports authenticated and unauthenticated users.

For authenticated users, the API uses bearer token authentication. Requests are authenticated by JWT tokens generated by the service for individual clients and use the standard header Authorization: Bearer <token> for endpoints that require security, where <token> is the JSON Web Token (JWT). To generate access tokens for authenticated users, see Generate an Access Token.

To generate access tokens for unauthenticated users (unverified guests), see Generate an Access Token for an Unauthenticated User.

If you're implementing user verification, you can create a signed JSON Web Token (JWT) by following the steps in the JWT and JWK Command Line Utility README file in GitHub.

See Also

• Salesforce Help: Understanding User Verification
• Salesforce Help: Add User Verification