====Token====

The **token** [[pathsecurity|access control]] rule allows access to a resource if the request includes a specific //security token// and is submitted via HTTPS.

This is often used to allow services, scripts or other tools to access resources when they are not going to be on a static IP address or the system is vulnerable to IP spoofing.

===Properties===

**header**: The name of the HTTP header that contains the token \\
**value**: The value of the token to search for. May be an array.\\

===Example===

<code javascript>
{
   "type": "token",
   "header": "X-Access-Token",
   "list": ["token1","token1"]
}
</code>

//This restricts access to only clients communicating via HTTPS and who include an 'X-Access-Token' header with the value 'token1' or 'token2'.//