The Career Websites API uses OAuth 2.0 as underlying authentication protocol.
Based on the two-layered OAuth 2 authentication, your application has two authentication layers as well. The first authentication layer targets the application itself and is represented by the Client Access Token respectively the basic authorization. The second layer of authentication is when the user signed in via your application and you obtain the User Access Token.
Both layers cover a different range of actions which can be executed using them. While the Client Access Token and basic authorization are sufficient for the general (‘public’) access of data (e.g. searching job postings) the User Access Token is needed for operations which target the users data like managing her applications.
Different access permissions for user access tokens can be granted via scopes, the API uses the scopes Applications, Appointments, Events, and Me. Accessing functionality in the Application-API is not possible if the token misses this scope.
Such user access tokens are necessary when e.g. an auto-logging along with an operation occurs. For example upon confirming a pool request where the applicant is not logged in beforehand. The user access token would be part of the request confirmation’s link then, allowing actions in the approved scope.
You can find detailed information about the two types tokens, including possible errors that might occur during validation, on their respective pages.