There are 3 APIs and tokens are required to access them API 1 and API2 use membership system (identity) users need to be registered, email and passwords to access. Here api3 represents a closed api that only contains data Clients who want to access. Api3 have to get a token from auth server using client id and clientssecret