You can't use app management token from client apps for security reasons. Therefore to support serverless apps, Whisk provides an alternative mechanism.

Note: For browser applications, you need to provide a list of domains which will be whitelisted

The client application can request short-lived token to access API and keep a reference for the user

curl "https://graph.whisk.com/auth/anonymous/create" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
  "clientId": "<YOUR-APP-ID>"
}'

Example response:

{
  "token": {
    "access_token": "Xb609ErrcoRNwll9wwxbk70OxFrbxEOu8Ui8ZzV4yJDA9RvLRGFhlMAAfkP2OmSS",
    "expires_in": 86400,
    "token_type": "Bearer",
    "refresh_token": "oS1437tty6buHTef0VGkXgcR7PvOt2DDUntSjWaCtDqJX8osK7d3Mip38NjpJdTH"
  }
}

Then access_tokenfrom the response can be used for communication from the client app. This Access Token is bound to specific userIdin Whisk Platform

Anonymous users will be deleted automatically after 30 days of inactivity, but if the user will make any request in this period their lifetime will be increased for another 30 days.