The app access token allows site admins and developers to perform actions on behalf of a specific member or bot account. It works as if the actions are being performed by that member, and there’s no need to know that member’s email address or password to do it.
To understand the process of generating the app access token for a specific site, please follow the steps shared in our guide here: App Access Tokens.
Here are some best practices to ensure that you don’t run into any issues while generating the access token:
Please ensure that the app is published in the site you intend to make API calls for. For example, in the example below, if the API calls need to be performed for “community2.blogha.com”, it should say ‘Unpublished’ right next to the site details, indicating that the site is published.
Please ensure that the app is installed on the site under the Apps section. The app is not automatically installed after it’s published.
The request that is being sent should be a POST request. If you use any other request type, it won’t work.
Please ensure that the entityID and the networkID are the same.
If impersonateMemberId is left blank, an access token for a bot will be created.
The Client Secret should never be shared publicly.