access token
A string granted by the authorization server, used to identify the issuer of a request. The access token has to be sent to the resource server every time the client wants to access protected resources. It is sent in the Authorization HTTP header using the Bearer scheme on each request, like this: Authorization: Bearer <token>
json api
JSON API is a specification for how a client should request that resources be fetched or modified, and how a server should respond to those requests. JSON API is designed to minimize both the number of requests and the amount of data transmitted between clients and servers. This efficiency is achieved without compromising readability, flexibility, or discoverability [cit. from the specification].

JWT
JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties.

A JWT is composed of three parts:

  • a header containing information about the token type and the algorithm used. It is Base64URL encoded.
  • a payload containing information in the form of claims (the information we want to transmit). It is Base64URL encoded.
  • a signature used to verify the authenticity of the JWT, computed with a valid algorithm defined by the JSON Web Signature (JWS) specification (for example HMAC with a shared secret).
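
The three parts above, built and checked with HMAC-SHA256 using only the Python standard library. This is an added example, not BEdita code; the function names, the demo secret and the claim values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(raw: bytes) -> str:
    # JWTs use unpadded Base64URL.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding stripped by the encoder before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build header.payload.signature with an HMAC-SHA256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    mac = hmac.new(secret, ".".join(parts).encode("ascii"), hashlib.sha256)
    return ".".join(parts + [b64url_encode(mac.digest())])


def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims of an authentic, unexpired token or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the header is untrusted until verified,
    # so it must never choose the verification method (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signed = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # parsed only after the check
    exp = claims.get("exp")
    if exp is not None and (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return claims
```

Header and payload are only encoded, not encrypted: anyone holding the token can read the claims, so the signature protects integrity, not confidentiality.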


object
An object in BEdita is the atomic content of your project’s data. It could be a core type like a document, an event, an image or a video, or it could be a custom type defined specifically in your project. Have a look at Objects in BEdita for a detailed overview.
project
A project in BEdita is an independent data set consisting mainly of objects, resources and media files; you may think of it as a database with a set of related resources like media files and configurations. Each project will expose its own endpoint to applications.
refresh token
An opaque token issued by the authorization server. It is used to renew an expired access token without sending the user credentials again.
role
A role in the RBAC permission model is used to assign permissions to perform some operations.
user
Project users access resources with login credentials; main attributes are username and password, or some external auth provider identifiers, plus other profile data like first name, surname and other contact information. Each user usually has at least one role, used to grant access to endpoint operations. User authentication is not always mandatory: some endpoints may respond to anonymous GET requests, but to perform write operations a user has to be identified.