An
Action Invoker access token is a string that contains a value that allows a caller to execute an action. For security purposes you may have to use an access token when using the Action Invoker from an external caller, an environment that may not necessarily be trusted. When an external caller tries to execute an action, the caller's access token, if provided, is checked against the application's
logic settings. If the application does not require an access token, or the provided access token is in the list of valid access tokens, the action is executed.
By default, if a valid access token is not present, CSPro will ask the user to approve the external caller's request to access CSPro functionality and data. The user's choice, to allow or disallow access, will apply to that action, and any subsequent actions executed from the caller's environment. If you do not want the user to have the permission to allow requests, you should
always require access tokens. When creating new applications, the default setting is to allow users to approve access when an access token is not used.
Access tokens that are not defined as part of the logic settings can be registered used the
registerAccessToken action, but this action can only be called from trusted environments.
The following table shows environments where the Action Invoker is available, whether calls from that environment are implicitly trusted, and how to use access tokens otherwise: