Hello Andreu,
To your question first: Yes, you can control the access token expiration via this setting:
Admin panel -> System -> Users -> Max. session time in hours
You can also overwrite this setting for individual users:
Admin panel -> Users -> [YOUR API USER] -> Properties -> Max. session time in hours
Be aware that changing this setting only has an effect for tokens created afterwards. Existing tokens will expire with the previous setting.
But this is not good practice, as tokens should regularly expire - the shorter the better.
Good practice is to execute the authentication call regularly (i.e. at shorter intervals than expiration demands) and to store the resulting access token in a place where all other API requests can get it from. This usually means having one scheduled job that is responsible for access token renewal.
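The renewal pattern described in the reply above, as an added sketch that is not part of the original post or the product's own code. `TokenStore`, `run_renewal_job` and the `authenticate` callable are hypothetical names; `authenticate` stands in for the product's authentication call, which the page does not show, and `max_session_hours` mirrors the "Max. session time in hours" setting.

```python
import threading
import time

class TokenStore:
    """Shared holder: one renewal job writes, every API caller reads."""

    def __init__(self, authenticate, max_session_hours, renew_fraction=0.5,
                 clock=time.monotonic):
        self._authenticate = authenticate      # assumed: returns a fresh token string
        self._lifetime = max_session_hours * 3600.0
        self._renew_after = self._lifetime * renew_fraction  # renew well before expiry
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._issued_at = None

    def renew(self):
        """Run the authentication call; on failure keep the current token."""
        started = self._clock()                # conservative: age counts from request start
        try:
            token = self._authenticate()
        except Exception:
            return False                       # old token stays usable until it expires
        with self._lock:
            self._token, self._issued_at = token, started
        return True

    def renew_if_due(self):
        with self._lock:
            due = (self._issued_at is None
                   or self._clock() - self._issued_at >= self._renew_after)
        return self.renew() if due else False

    def get(self):
        """Return the current token; fail closed once it is past its lifetime."""
        with self._lock:
            if (self._token is None
                    or self._clock() - self._issued_at >= self._lifetime):
                raise RuntimeError("no valid access token; renewal job is failing")
            return self._token

def run_renewal_job(store, stop_event, poll_seconds=60):
    """The single scheduled job: wake regularly, renew when due, retry after failures."""
    while not stop_event.is_set():
        store.renew_if_due()
        stop_event.wait(poll_seconds)
```

Because a failed renewal leaves the previous token in place, API callers keep working through a short authentication outage and only start failing once the token's own lifetime has passed.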