There are two parties involved in an access token request: the client, who requests the token, and the resource (the API) that accepts the token when the API is called. The aud claim in a token indicates the resource the token is intended for (its audience) .