Rotating a Token
Token rotation is a security best practice: in a system where tokens are used for authentication and authorization, old tokens are regularly replaced with new ones. This practice enhances security and maintains the integrity of access control mechanisms. It also lets an organization quickly generate a new token if the existing token value is compromised. Revenera recommends rotating access tokens frequently (the frequency will depend on your organization's security policies).
Token rotation retains a token's properties (expiry strategy, expiry time, issue time, type, name and user name) and creates a new token value only. No other values can be changed.
Rotating a token partway through its lifetime (specified in expiryStr) does not change its expiry time (tokenExpiryMillis). For example, if a token is created on January 1 with a lifetime of 30 days ("expiryStr": "30d") and rotated on January 20, its expiry time of January 30 ("tokenExpiryMillis": 1704067200000) remains unchanged.
Call the /token/{tokenName}/rotation endpoint using POST, passing the token name as a path parameter.
Item | Description
URI | /uar/v1/token/{tokenName}/rotation
Method | POST
Query parameters | N/A
Request body | N/A
Response codes | 200: Success
Sample Response
The following shows a sample response with details of the rotated token (response code 200, Success).
It is important that you make a note of the rotated token value; this is the only time the new token value is displayed.
{
  "statusMessage": "Successful",
  "responseObject": {
    "expiryStr": "10m",
    "tokenDescription": "demo",
    "tokenExpiryMillis": 1716900570355,
    "tokenIssueMillis": 1716899970355,
    "tokenName": "demo",
    "tokenCreator": "systemadmin@mycompany.com",
    "tokenType": "NORMAL",
    "tokenValue": "rna_164dabe428eff69835a25ba555d9c22714033abs227",
    "username": "systemadmin@mycompany.com"
  }
}
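The following Python example, added here and not part of Revenera's documentation or client libraries, calls the rotation endpoint described above and then checks the response against the rules the page states: every retained property is unchanged, only tokenValue differs, and the expiry window still equals expiryStr. The host name, the Bearer Authorization header and the unit letters accepted in expiryStr are assumptions; the sample response is the one shown above with its JSON corrected, embedded so the flow can be exercised offline.

```python
"""Rotate a token via POST /uar/v1/token/{tokenName}/rotation and validate the
result. Added example, not Revenera's own code; host, auth header and
expiryStr unit letters are assumptions."""
import json
import re
import urllib.parse
import urllib.request
from typing import Callable, Dict

# Placeholder host: substitute your own instance (assumption, not from the docs).
BASE_URL = "https://REVENERA_HOST_PLACEHOLDER"

# Unit letters assumed from the documented examples "10m" and "30d".
_UNIT_MS = {"s": 1_000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

# Properties the documentation says rotation retains; only tokenValue changes.
RETAINED_FIELDS = ("expiryStr", "tokenExpiryMillis", "tokenIssueMillis",
                   "tokenType", "tokenName", "username")

# Constructed from the documented sample response (JSON syntax corrected).
SAMPLE_RESPONSE = json.dumps({
    "statusMessage": "Successful",
    "responseObject": {
        "expiryStr": "10m",
        "tokenDescription": "demo",
        "tokenExpiryMillis": 1716900570355,
        "tokenIssueMillis": 1716899970355,
        "tokenName": "demo",
        "tokenCreator": "systemadmin@mycompany.com",
        "tokenType": "NORMAL",
        "tokenValue": "rna_164dabe428eff69835a25ba555d9c22714033abs227",
        "username": "systemadmin@mycompany.com",
    },
})


def expiry_str_to_millis(expiry_str: str) -> int:
    """Convert a lifetime such as '10m' or '30d' into milliseconds."""
    match = re.fullmatch(r"(\d+)([smhd])", expiry_str)
    if not match:
        raise ValueError(f"unrecognised expiryStr: {expiry_str!r}")
    return int(match.group(1)) * _UNIT_MS[match.group(2)]


def parse_rotation_response(body: str) -> Dict[str, object]:
    """Validate a rotation response and return its responseObject.

    Checks the status message, that every documented field is present, and
    that tokenIssueMillis + lifetime(expiryStr) == tokenExpiryMillis.
    """
    data = json.loads(body)
    if data.get("statusMessage") != "Successful":
        raise RuntimeError(f"rotation failed: {data.get('statusMessage')!r}")
    obj = data["responseObject"]
    missing = [f for f in RETAINED_FIELDS + ("tokenValue",) if f not in obj]
    if missing:
        raise ValueError(f"response missing fields: {missing}")
    lifetime = expiry_str_to_millis(obj["expiryStr"])
    if obj["tokenExpiryMillis"] - obj["tokenIssueMillis"] != lifetime:
        raise ValueError("tokenExpiryMillis - tokenIssueMillis != expiryStr")
    return obj


def check_rotation_invariants(before: Dict[str, object], after: Dict[str, object]) -> bool:
    """Rotation must keep every retained property and replace tokenValue."""
    changed = [f for f in RETAINED_FIELDS if before[f] != after[f]]
    if changed:
        raise ValueError(f"rotation altered retained properties: {changed}")
    if before["tokenValue"] == after["tokenValue"]:
        raise ValueError("rotation returned the same tokenValue")
    return True


def rotation_url(token_name: str) -> str:
    """Build the documented path; the name is encoded as one path segment."""
    return f"{BASE_URL}/uar/v1/token/{urllib.parse.quote(token_name, safe='')}/rotation"


def _default_post(url: str, headers: Dict[str, str]) -> str:
    """POST with an empty body (the endpoint takes none) and return the text."""
    req = urllib.request.Request(url, data=b"", method="POST", headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def rotate_token(token_name: str, caller_token: str,
                 post: Callable[[str, Dict[str, str]], str] = _default_post) -> Dict[str, object]:
    """Call the rotation endpoint and return the validated responseObject.

    The Bearer header is an assumption; `post` is injectable so the flow can
    be run offline against SAMPLE_RESPONSE.
    """
    headers = {"Authorization": f"Bearer {caller_token}",  # assumption
               "Accept": "application/json"}
    return parse_rotation_response(post(rotation_url(token_name), headers))
```

Because the new tokenValue is shown only once, store the returned value in your secret store immediately and compare it with the pre-rotation record using check_rotation_invariants before retiring the old value.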