IBM Food Trust™ manages the issuance and maintenance of access tokens, also known as authentication tokens, service tokens, or JSON web tokens (JWT). Each registered user (human, system, or application) must obtain an access token in order to use IBM Food Trust.
IBM Food Trust classifies users into two types:
Human users are authenticated via their IBM identity service (IBMid) username (email address) and password. Authenticated human users can interact directly with the IBM Food Trust network.
System users (systems and applications) are authenticated via system ID (IBM Cloud resource dashboard), client ID and secret (token). A system user ID must also be created for any application program that calls IBM Food Trust APIs.
Each user type is authenticated through a separate mechanism:
Figure 1. Human user authentication flow
Figure 2. System user authentication flow
The granted access tokens expire after one hour, but can be renewed prior to expiration. See Authenticate system users for more information on tokens.