## Token Server Overview

The Token Server provides a critical layer of security for web applications that use services requiring a license key.
When you integrate a service directly into a public-facing website, there’s a significant risk of exposing your license key within the site’s code.
If a malicious actor finds this key, they could potentially use your licensed services without authorization, leading to security breaches or unexpected costs.

To solve this problem, the Token Server acts as a secure intermediary.
Instead of placing your main license key in the public code, your private server-side application makes a request to the Token Server.
In return, it receives a secure, temporary token with a limited lifespan.
This disposable token can then be safely passed to the public website for its use, ensuring that your license key is never exposed.

The Token Server can:

- Generate secure, temporary authentication tokens for client-side use.
- Conceal your license key to prevent it from being exposed in public-facing code.
- Enhance web application security by providing a safer method for authentication.
- Control the active lifespan of a token, from a minimum of 1 minute up to 99 hours.


**Documentation**

- [Token Server Documentation](https://docs.melissa.com/cloud-api/token-server/token-server-index.html)


**Useful Resources**

- [GitHub - Token Server Open API Specification](https://github.com/MelissaData/MelissaCloudAPI-OpenAPI-Specification/blob/main/openapi/apis/token-server.yaml)
- [Release notes](https://releasenotes.melissa.com/cloud-api/token-server/)
- [Result codes](https://docs.melissa.com/cloud-api/token-server/result-codes.html)


**Support Center**

[https://www.melissa.com/company/product-support](https://www.melissa.com/company/product-support)