Stax provides two types of credentials for authenticating to the Stax API: API Tokens and Session Credentials. The credentials serve different purposes and your use case will dictate which type of credentials you will use.
The below table provides a summary of API Tokens and Session Credentials.
|API Tokens||Session Credentials|
|Description||Long-lived credentials you can create within Stax. Created by an administrator and can be assigned any role in Stax||Short-term credentials which are created as part of your Stax session. Mapped to an individual's Stax user credential and inherits their role|
|Use case||Designed for machines, such as automated build pipelines||Designed for humans, especially those who want to experiment and explore the Stax API on an ad-hoc basis|
|Usage||API Tokens can only be used with the Stax SDK for Python||Session Credentials can be used with a developer tool, such as Postman. They do not work with the Stax SDK for Python|
|Accessibility||Accessed via the Customer Menu in the left-hand nav, under API Tokens||Accessed via the left-hand nav, under the Profile page|
|Validity||Does not expire, however, regular credential rotation is recommended||Expires after 60 min|