Token Attributes
A request to the access-token-controller REST web service must specify the following attributes for each token.
|
Attribute |
Data Type |
Description |
|
expiryStr |
string |
Lifetime of the token, with a minimum lifetime of 1 minute. Use the following format to specify the token lifetime: Y=years, M=months, d=days, h=hours, m=minutes (case sensitive). Example: 3Y 4M 3d 9h 6m Best practice: Use a short duration and rotate tokens once every month or three months. See also Rotating a Token. |
|
tokenName |
string |
Custom token name specified by the user. The name must be 5 - 25 characters long. The following characters are not supported: * < > + $ ? . ^ | % ] \\\\ (four consecutive back slashes are not allowed) HTML tags that may indicate an XSS attack will be rejected. |
|
tokenDescription |
string |
A description of the token. This field is mandatory for IMPERSONATED tokens and should capture the impersonation reason. |
|
tokenType |
string |
The token type. Valid values: NORMAL, IMPERSONATED. See also Token Types and Their Uses. |
|
username |
string |
The user for whom the token is created. This field is mandatory for IMPERSONATED tokens. |
In addition to the attributes above, the response to a token request will include the following attributes.
|
Attribute |
Data Type |
Description |
|
tokenExpiryMillis |
integer |
The date and time when the token expires in milliseconds since 1970-01-01 00:00. |
|
tokenIssueMillis |
integer |
The date and time when the token was issued in milliseconds since 1970-01-01 00:00. |
|
tokenCreator |
string |
The ID of the logged-in user who is requesting the token. This is usually an email address. |
Token Creator vs User Name
Note the difference between the token creator and the user name:
| • | For NORMAL tokens, the value for tokenCreator will be identical with the value for username. |
| • | For IMPERSONATED tokens: |
| • | The tokenCreator is the logged-in user requesting the token. |
| • | The usernamespecifies the user for whom the token is generated. |