1

Revoking Admin/User tokens

Referring to the below REST API reference, the admin token generated using REST API seems valid forever, Is there any way to revoke/invalidate the token once generated.

Also if multiple tokens are generated, all of them seem to be valid. Should the latest token invalidate the ones generated earlier?

 

https://help.pyramidanalytics.com/Content/Root/developer/reference/APIs/REST%20API/API2/auth/authenticateUserByToken.htm

1 reply

null
    • Matan_Dror
    • 1 yr ago
    • Official response
    • Reported - view

    All pyramid tokens contain an expiration mechanism , enterprise admins can choose the timeout for the tokens in admin panel under access -> Extended Security. In addition there is also a revoke mechanism inside the pyramid UI , when editing a specific user the admin can select to revoke the user sessions from all devices , this will cause all previous generated tokens for the user to expire.

    As for multiple tokens, multiple token ca be generated for the same user , this is part of the design and is needed as part of the application other features.

Content aside

  • Status Answered
  • 1 Likes
  • 1 yr agoLast active
  • 1Replies
  • 27Views
  • 2 Following