User tokens in v 5.3

from 5.3 release notes

  • New API token system - user tokens are now generated separately in preferences and they have a week expiration time by default.

I am using the legacy version and I cannot find user token in prefernces!!! Am I missing something?
How can I generate a user token, to use it then as https://myserver.com/?locale=en&token=X4KTvrKtjZKZwF3uT333WV6sdKUkTdFF
One, more how long the token will be valid?
Thanks in advance

Anton Tananaev2 years ago

Old web app doesn't have a UI to generate new tokens. You should either use modern or use API directly.

Anton Tananaev2 years ago

Tokens are valid for 7 days by default, but if you use API you can set your own expiration.

Overloadq2 years ago

Hello,
How you can set your own expiration time?

Anton Tananaev2 years ago

You can, but you need to use the API directly.

yudi77912 years ago

Hello, could you share how to get or generate token and set expiration time using API ? because i can't find at API reference.
Thank in advance

Is it possible for one of the next versions to have the token expiration time as a parameter in the config file?
Thanks

Anton Tananaev2 years ago

The endpoint is /api/session/token. You need to POST a form request to it with an expiration parameter, which is a date and time in ISO format.

yudi77912 years ago

Thanks Mr. Tananaev already get the token but for the response string not in JSON format

Anton Tananaev2 years ago

It's just the token. No JSON.

SwayDev2 years ago

Hello,

Had 2 questions related to this topic / new change to tokens so posting them here.

  1. Is there any potential limit to how many tokens can or may be stored in MySQL DB?

  2. Is it possible for an admin user to generate a token for a user account?

  • Reason for question 2: In my setup of Traccar, I used to create user accounts along with "token" value via API using admin authentication. and authenticate users via API using only tokens, however, with v5.3 changes, this method may not be possible if the answer to question #2 is No.
TUISTERa2 years ago

What is the url for using the token ? The old way doesn't work, i try this url :

https://gps.tvsat.co/?token=RzBFAiEAtn58_sNmHrMH8-qIVJEdeP-fwDz9vIaKSx7DY1XvaI8CIBDIubmlU8L7WVJSGmdWzDR5xZSCfjl1xKrPkjOI9mnkeyJ1Ijo1LCJlIjoiMjAyNi0wMS0zMFQyMjowMDowMC4wMDArMDA6MDAifQ
Anton Tananaev2 years ago

It doesn't work because your user is disabled:

User has expired - SecurityException (Disableable:35 < LoginService:95 < *:63 < SessionResource:76 < ...)
Toavina232 years ago

here is a related question: I'am able to generate auth token from the modern web interface via the user's account but when using the api, it return 401. why does it behaves that way ?

Anton Tananaev2 years ago

Does it return any error messages?