System user tokens

In this article

    system user token is a  contract between an application and a tenant

    This component is coupled with the application in the Operation Centre, and is only included in the JWT or id_token when an administrator signs in to SuperID.

    Technically, the system user token is a String formatted as NAME_OF_APP-<some_random_characters> that:

    • is unique for each tenant-application
    • will exist for the lifetime of the application
    • is included in the JWT claims when an administrator signs in to the application

    A system user token remains the same and will not change for the lifetime of the application.

    How is the system user token used?

    The system user token is primarily a means to perform non-interactive operations on the APIs. It is:

    This token is not used for direct access to any customer tenant web services. For that, you need the system user ticket.

    In the future, system user functionality will be replaced with OAuth 2.0 Client Credentials flow, which will not have the sliding expiration behavior.


    Non-interactive token flow

    Where does the system user token come from?

    You will receive the system user token in the JWT claim, or id_token.

    • the token is only generated if system user token functionality is requested during application registration


    • the token is only created and added as a claim when a customer administrator has successfully authenticated and approved the application for the tenant

    It is up to the application to securely store the system user token.