Access tokens are used by the LightStep tracer client libraries to identify the project the tracer is reporting for. Reports from client libraries to the Satellites must have a valid access token to be accepted and stored in the recall buffer. Reports from clients with invalid or deactivated access tokens will be rejected on ingress.
In order to allow independent, fine-grained control of span report ingress to a project, LightStep allows for multiple access tokens and the ability to disable access tokens dynamically from the web application.
You may want to allocate a separate access token for each mobile and web client you are reporting from. In the case that these access tokens are compromised, you can disable the compromised token and deploy a new token to the client in question without the requirement of rolling out a new token to all other clients and backend services.
From the Project Settings page, you can create, name/rename, and enable/disable access tokens. It may take up to 5 minutes for the enable/disable signal to propagate to all active Satellites.