User type : API UserUsers of type "API" are users who have a non expiring API key assigned for authentication. admin users can create and update users of type API. Upon creation a user of type API receives a unique non expiring accessToken that can be used in any of the REST methods. Compared to users of type PERSON or SYSTEM, using an API token in integration tasks prevents the need to first request an accessToken from Sweagle using a user name and password. API users can either be assigned with one of the predefined "system wide" roles such admin, editor or viewer. Or they can be assigned to specific roles and policies, limiting the scope of the data model that can be viewed/modified by that API users. From that point of view, API users follow the same access and permissions logic like SYSTEM or PERSON users. The API key is the bearer token to be used in the header information when executing API commands. See the code below for an example of how the bearer token is used in the header of a cURL call to retrieve the validation status of pending data for the data set "myDataSetName" curl -X GET "https://demo.sweagle.com/api/v1/data/include/validate?name=myDataSetName" -H "Authorization: bearer af28a599-a24e-xxxx-8626-d7ad6914be1d" -H 'Accept: application/json;charset=UTF-8' API user tokens assigned to a person user an admin user assigns an API user to a person user. That person can access the details of all its assigned API users by opening the profile page. An admin user has the possibility to reassign an API user to another person user, but never to itself. In case the admin user requires an API token, another admin user needs to create and assign (2 pairs of eyes principle)