Manage tokens
Tokens are necessary for you to authenticate and authorize Protector instances on your infrastructure. They are automatically generated after you create and save a new App & API Protector Hybrid Connection Configuration.
If needed, you can generate new tokens and revoke the old ones at any time in the Connection Configurations > Manage tokens modal.
Remember to safeguard your tokens against any misuse:
- Do not share tokens with anyone and keep them confidential.
- Rotate tokens at least once a year. The recommended practice is to rotate tokens at least twice a year.
- If you find out that your token has been compromised, generate a new token as soon as possible. Next, register the new token on your Protector instances and revoke the old one.
There’s no time limit for the old token to expire. However, after you generate a new token, we recommend that you register it on all Protector instances and revoke the old one. You can only have 2 active tokens at a time.
To generate and copy a new token:
- Go to the selected Connection Configuration view.
- Click Manage tokens.
- In the Token management modal, click Generate new token. If you create a new token while the previous one is still used on your Protector instances, you will have 2 tokens with an active status.
  - The Generate new token button is disabled if you already have two active tokens.
  - For troubleshooting purposes, you can display the previously generated tokens by clicking the action menu and selecting Show.
  - If you generate a new token but then decide not to use it and revoke it, the previously active token is the one that you should copy and use on your infrastructure.
- Click the action button next to the new token and select Copy from the dropdown menu.
- Update the token on Protector instances on your infrastructure.
To revoke the old token, go back to the Token management modal, click the action menu next to the old token, and select Revoke. Note that if there’s only one active token, you can’t revoke it. In this case, generate a new token first, then register it on all Protector instances and revoke the old one.
The Token management modal displays up to three revoked tokens. Note that there are three cases when tokens are revoked:
- You revoke them in the Token management modal.
- They are automatically removed after your license expires.
- You delete the Connection Configuration.
If you don't want to generate a new token and simply want to copy the existing one, click the action button next to the token in the Token management modal and select Copy from the dropdown menu.
Tokens are tied to the specific deployment type they were created for. You cannot reuse a token generated for a specific deployment type in another one. For example, a token created for a Kubernetes deployment cannot be reused in a reverse proxy deployment. To avoid deployment failures or authentication issues, create a separate Connection Configuration for each deployment type and use the token only within the deployment type it was generated for.
