You use both OAuth apps and API tokens to interact with the Tanzu Platform cloud services APIs.
API tokens are issued by users in an Organization and are associated with the user's account and the Organization from which they were generated. Only the users who created the API tokens can manage them. OAuth apps, once created by a user in an Organization, act as entities in Server to server interactions and can be used in multiple Organizations. The owner of an OAuth app is the Organization in which it was created, and the app can be managed by users who are Organization Owners or Organization Members with a Developer role.
You can use both OAuth apps and API tokens to automate processes that interact with the Tanzu Platform cloud services APIs. The difference is that API tokens incorporate the user account in the access token, while OAuth apps perform authorization without a user account. When you choose between an API token and an OAuth app for an API call, you must consider the specific requirements of the API service involved in the interaction. Some APIs require a user account to be the authenticated entity, while others don't.

For example, if you call an API to fetch Billing and Subscription information for your Organization in Tanzu Platform cloud services, you can use either an OAuth app of the Server to server type or an API token, because that API service does not require authentication through user credentials and accepts client credentials as well. If an API is used by the users of an Organization to update their passwords, the API requires a user to act as the authenticating entity.
Important: Before using OAuth apps of the Server to server type for automated calls to your cloud services, you must first consult the relevant API documentation.
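An automation job can check which kind of principal its access token carries before it calls an API that needs a user. The following is an added example, not code from the Tanzu documentation: it decodes the token payload locally and refuses to proceed when the token was issued to an OAuth app. The claim names `acct`, `username` and `azp` and the sample tokens are assumptions; confirm them against a token issued in your own Organization.

```python
import base64
import json

# Assumed claim names: verify against a token issued in your own
# Organization before relying on them.
USER_CLAIMS = ("acct", "username")  # assumed present only on user-bound tokens
CLIENT_CLAIM = "azp"                # "authorized party" claim (client ID)


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (local inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def principal_kind(token: str) -> str:
    """Return 'user' if the token names a user account, else 'client'."""
    claims = jwt_claims(token)
    return "user" if any(claims.get(c) for c in USER_CLAIMS) else "client"


def require_user_token(token: str) -> None:
    """Pre-flight guard for APIs that need a user as the authenticated entity."""
    if principal_kind(token) != "user":
        client = jwt_claims(token).get(CLIENT_CLAIM, "<unknown>")
        raise PermissionError(
            f"token was issued to OAuth app {client!r} with no user account; "
            "this call needs an access token obtained from a user's API token"
        )


def constructed_jwt(claims: dict) -> str:
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens: one user-bound, one issued to an OAuth app.
USER_TOKEN = constructed_jwt({"sub": "user-1234", "acct": "dev@example.com", "azp": "cli"})
APP_TOKEN = constructed_jwt({"sub": "client:ci-bot", "azp": "ci-bot"})
```

The guard only fails early with a clear message; the API service still validates the token and makes the actual authorization decision.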