When Integration Server acts as a resource server, it receives requests from client applications that include an access token. The resource server asks the authorization server to validate the access token and user. If the token is valid and the user has privileges to access the folders and services, the resource server executes the request. The resource server and the authorization server might be the same Integration Server instance or might be different Integration Server instances. The authorization server might also be a third party authorization server. For information about using Integration Server as a resource server, see About Using Integration Server as the Resource Server. For information about configuring an third party authorization server, see Using an External Authorization Server.