A representation of your company in Anon’s system.


Someone from your company who can use your Organization. There are two types:

  1. Admin Member: Can create new UserPools, SdkClient instances, and add other members.
  2. Read-only Member: Can only view resources, without the ability to create or modify them.


A JWT (JSON Web Token) that authenticates your Member to Anon, giving them access to endpoints such as those that create a UserPool or an SdkClient.


A string used to authenticate your backend services to Anon, allowing your backend to call Anon’s API endpoints. An APIKey is generated via your service SdkClient (service account).


Represents a group of end users. It does so by tracking your OAuth provider’s JSON Web Key Set (JWKS), which is a set of JSON Web Keys (JWKs) used to verify JSON Web Tokens (JWTs) issued by an Authorization Server. Put simply, it validates your users’ credentials.
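The JWKS check described above, as an added example (not Anon's code): an RS256 token is matched to a JWK by its `kid`, its signature is verified with that public key, and only then are the claims trusted. The demo key, the `demo-1` kid, the claims and the function names `issue` and `verify` are all constructed for illustration.

```python
import base64, hashlib, json

def b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def int_b64u(i: int) -> str:
    return b64u(i.to_bytes((i.bit_length() + 7) // 8, "big"))

# EMSA-PKCS1-v1_5 encoding with the SHA-256 DigestInfo prefix (RFC 8017)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
def emsa(msg: bytes, k: int) -> bytes:
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# Constructed demo key built from two Mersenne primes: NOT secure, it only keeps the example offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "alg": "RS256", "n": int_b64u(N), "e": int_b64u(E)}]}

def issue(claims: dict, kid: str = "demo-1", alg: str = "RS256") -> str:
    """Stand-in for the identity provider: sign the claims with the demo private key."""
    head = b64u(json.dumps({"alg": alg, "kid": kid}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), K), "big"), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def verify(token: str, jwks: dict, now: int) -> dict:
    """Return the claims only if a key in the JWKS vouches for the token."""
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(unb64u(head_b64))
    if head.get("alg") != "RS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k["kid"] == head.get("kid")), None)
    if key is None:
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(unb64u(key[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    sig = unb64u(sig_b64)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if len(sig) != k or em != emsa(f"{head_b64}.{body_b64}".encode(), k):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body_b64))
    if claims.get("exp", 0) <= now:  # a missing exp is treated as expired
        raise ValueError("expired")
    return claims
```

In production, use a maintained JWT library and also validate the issuer and audience claims.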


Allows your applications and services to authenticate with Anon.

There are two types of SdkClient:

  1. A webapp SdkClient (has an associated UserPool) is for your frontend apps, providing the information Anon’s Link SDK needs to save user sessions. We use the SdkClient’s clientId to identify the UserPool that the end-user belongs to.
  2. A service SdkClient (has an associated APIKey) allows your backend apps to authenticate to Anon’s API endpoints.


A token used by your users to access your own webapp, as well as Anon.

When a user logs into your app, your identity provider generates a userIdToken for them. This can be used for Anon as well — so just by logging into your app, your end-user also gets logged into Anon!