
Permanent API token explained

  • March 30, 2021

Each time you initiate a request to the API, a special access code—an access token—is used. This is needed to ensure that the client has the right to log in to the account and perform certain actions.

JSON Web Token

Access to the Gcore API is provided based on the JSON Web Token (JWT).

It consists of three parts:

  1. Header. Contains information about the token type and the digital signature algorithm used.
  2. Payload. Data that is transferred with the help of the token: purpose, validity period, date of creation, etc.
  3. Signature. Compiled based on the header and payload.

How the JSON Web Token works

  1. The client logs in to the system.
  2. The Gcore API generates a token and sends it to the client.
  3. On every subsequent request, the client passes the token.
  4. The API calculates and verifies the signature.
  5. If the signature is valid, the API responds to the client.
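
The issue-and-verify flow above, as an added example that is not Gcore's code. It assumes an HS256 (HMAC-SHA256) signature with a constructed demo key and uses the one-hour access-token lifetime the article states; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: HS256 shared key, not Gcore's real setup


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue(subject: str, now: int, ttl: int = 3600) -> str:
    """Build header.payload.signature with a one-hour lifetime."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": subject, "iat": now, "exp": now + ttl}).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{b64url(sign(signing_input))}"


def verify(token: str, now: int) -> dict:
    """Recompute the signature first; only then trust and read the payload."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        presented = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # the token must not pick the algorithm
    if not hmac.compare_digest(sign(f"{header_b64}.{payload_b64}"), presented):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

The payload is only parsed after the signature check passes, and the accepted algorithm is fixed on the server side rather than read from the token header.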

JSON Web Token limitations

The access token is valid for 1 hour. To get a new one, the client uses a refresh token, which lets users request a new access token without re-entering the login and password.

The refresh token also has a limited lifespan of 24 hours. That means our users need to enter their login and password every 24 hours, which is not too often. This system suits one-time requests perfectly well, but it creates problems for automated work with our services through the API.

For example, to set up automatic cache clearing, we need to additionally spell out the authorization logic and send the login and password to the client every time. This is inconvenient and bad for security.

To facilitate regular automated requests to services via API, we issue permanent API tokens.

How a permanent API token works

The main advantage of a permanent API token is that you can set its validity period yourself when you create it. You can even issue it for an unlimited period of time. That makes interaction via API easier: you don’t need to specify and maintain additional logic for a token’s automated issuing process and send a login and password each time.

A permanent API token is a random string. The Gcore API stores this string’s hash and owner information.

  1. The client sends a request signed with a permanent token.
  2. The API verifies the token’s validity, the presence of its hash in the database, and the client it corresponds to.
  3. If all checks pass, the API accepts the request.
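
One way to implement the hash-only storage and lookup described above, as an added example that is not Gcore's code. It assumes SHA-256 as the hash and an in-memory dictionary standing in for the database; all names are hypothetical.

```python
import hashlib
import secrets
from typing import Optional

# Constructed in-memory stand-in for the API's token table: hash -> record.
TOKEN_DB = {}


def token_hash(token: str) -> str:
    # Assumption: a fast hash is acceptable here because the token is a long
    # random value, not a human-chosen password that could be guessed offline.
    return hashlib.sha256(token.encode()).hexdigest()


def create_token(owner: str, role: str, expires_at: Optional[int] = None) -> str:
    """Return the plaintext token once; persist only its hash and owner data."""
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    TOKEN_DB[token_hash(token)] = {
        "owner": owner,
        "role": role,
        "expires_at": expires_at,  # None models an unlimited validity period
    }
    return token


def authenticate(token: str, now: int) -> Optional[dict]:
    """Hash the presented token, look the hash up, check expiry; None means reject."""
    record = TOKEN_DB.get(token_hash(token))
    if record is None:
        return None  # hash not in the database
    if record["expires_at"] is not None and now >= record["expires_at"]:
        return None  # validity period is over
    return {"owner": record["owner"], "role": record["role"]}
```

Because only the hash is stored, a copy of the table does not contain a usable token, which is also why the token can be shown to its creator only once.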

Which Gcore services can use permanent tokens?

Currently, you can only use your permanent API token in the CDN. It will help you automate any regularly performed processes: for example, cache clearing or requesting statistics.

In the future, we plan to extend the use of these tokens to make working with our other products even more convenient.

How to receive a permanent API token

1. Log in to your account.

2. Go to the API tokens section in your profile and click Create token.

3. Be sure to include the name and role of the token’s creator. Specify the token’s expiration date if needed. Click Create.

4. In a new window, you’ll see the new token. Make sure you save it! We don’t store tokens, so it is not possible to display a token a second time.
