Admin Token Management
Last updated
Last updated
To increase the security of our admin tokens, we have enhanced the ability to generate new admin tokens with shorter expiration time and the ability to revoke admin tokens.
Previously, all generated access tokens had an expiration time of 10 years by default. From now on, the expiration time for all newly generated access tokens will be reduced to 1 year. This new enhancement only affects the newly generated tokens. So if you want a token with a shorter expiration time, you will need to generate a new token through the console.
This is not available for Super Admin.
To retrieve your current admin token:
In the Console, go to Settings > Admin Users
Click the ellipses ...next to your user name to retrieve your current admin token.
Click the Generate button to generate (create) a new token, which will invalidate the existing token.
Click the Confirm button.
Once the new token is generated, the admin will be notified to get switched from the old token to the new token within 24 hours.
Please remember to generate a new token before it expires. Otherwise, you will get a "token expired" error if you use an expired token for API calls.
In case the admin token has been compromised, admin users can now revoke their own admin token, and Super Admins can revoke another admin's token. Revoking tokens is done by passing the username parameter.
After revocation, that admin's token becomes invalid and the admin will be automatically logged out of Console. When that admin logs in again, a new token will be generated. The admin must use this new token for future API calls, otherwise they will receive an "Invalid token' error.
You will encounter error:
When a non-admin tries to revoke any admin token
When the username doesn't exist
