We have offered token based authentication for a long time now, and it has become apparent that the naming of these tokens causes some confusion. So we have tried to rename the tokens to something a little more intuitive.
We have renamed the tokens, but the old token names will continue to work.
The token authentication model consists of three tokens. Two of these are owned by the integration application and the third by the agreement that has granted the application access to the agreement data.
AppSecretToken
The first token is the AppSecretToken. This token is used by the integration application when connecting to the API.
When connecting to the SOAP API you use the method ConnectWithToken. The AppSecretToken is the appToken property.
When connecting to the REST API you have to supply this with the X-AppSecretToken header. This header has been renamed from AppId. You should replace the usage of the old header with the new header, but the AppId header will continue to work.
As the name implies this is a secret token and should not be shared with anyone.
AppPublicToken
The second token is the AppPublicToken. This token is used by the integration application when signing a grant token to grant an integration application access to an agreements data. The AppPublicToken is included in the query string of the page you send to the users you want to use your app.
AgreementGrantToken
The third token is the AgreementGrantToken. This token is the result of a user granting an application access to their data. This is what is either returned to the user after authenticating on the page you send them to, or what is included in the redirect url you have specified.
When connecting to the SOAP API you use the method ConnectWithToken. The AgreementGrantToken is the token property.
When connecting to the REST API you have to supply this with the X-AgreementGrantToken header. This header has been renamed from AccessId. You should replace the usage of the old header with the new header, but the AccessId header will continue to work.