I keep having to re-create a new Balena Access Token because after some amount of time whichever once I previously created stops working. The documentation says it should never expire, but unless there is a setting I’m missing it most definitely expires.
Since we use the Balena Access Token both in our containers and externally this is a huge issue for us. Any thoughts or guidance is appreciated.
–Kirk
Hi,
Can you clarify what kind of access token you are using or how you create it?
The user JWT does expire, but it has the permissions to issue creating a new one before that point, which is what our dashboard does in the background so that the user session doesn’t get interrupted by this expiration.
API keys on the other hand do not expire.
Let me point you to some references in our documentation page:
Whilst API tokens do not expire, JWT session tokens do after 7 days.
Kind regards,
Thodoris
Can you also point us to the documentation page that you referred above.
There might be a case that this is a bug in our docs, in which case we should fix it right away.
I’m using an API Key (not a Session Token) as described in: Account management - Balena Documentation
Per your comment above and the documentation the API token should never expire.
I use the API key in my container to modify device specific environment variables.
Thanks
Kirk
Hi,
What sorts of queries are you making with the API keys from your containers? An example query, whether it’s in Python / JS / curl, would be appreciated so we have more info. Are you receiving any responses other than 401 Unauthorized? If so, please paste any other responses here. Are you using the same API key across the entirety of your interactions with balena API?
As an aside, we’d recommend using the io.balena.features.balena-api label [1] so you don’t have to manage your own API keys from on the device.
Thanks,
Christina
Additionally, could you send a screenshot of your access token page (balena dashboard)? Please blur your session token when you do so to avoid any security issues. Just to be absolutely clear, the “Session token” on that page expires after 7 days as it’s a JWT token, whereas the “API key” which you must manually create does not expire as mentioned by Thodoris above.
Thanks this solved my immediate issue. I’m still not sure why the API Key I created isn’t working but now I no longer need it for this purpose.
@kirkocke could you please confirm that you are using this label on your docker-compose when you were using the API Key?
Yes, I’m using the io.balena.features.balena-api label in my docker-compose.yml and then in my container I use the BALENA_API_KEY to access the API. I am no longer using a user generated API Key in ‘Access Tokens.’
Thanks again for the help,
Kirk
Thank you @kirkocke
