API token removed

Hi, I just wanted to ask if the API permanent access token is scheduled to be removed or something like that, because it was missing from last week and our application wouldn't work.

I've just created a new one but I wanted to know if it  has an expiry date or something.

Thanks,

Pedro

CALA Homes

0
7 comentários
Spot On Innovative Approach Stellar Advice
Avatar

Hi Pedro and welcome to the Wrike Community! :)

The permanent token never expires. The exception is when you reset your password. I've checked your account and saw that you indeed reset your password recently, which is most likely the reason your access token has been revoked. Please let me know if you have any additional questions!

Serge S. Community Team at Wrike Wrike Product Manager Aprenda sobre as funcionalidades e melhores práticas em Wrike com o nosso Treinamento Webinar Online

Serge S. Wrike Team member Aprenda sobre as funcionalidades e melhores práticas em Wrike com o nosso Treinamento Webinar Online

0
Ações de comentário Permalink
Spot On Innovative Approach Stellar Advice
Avatar

Hi Serge,

Thanks for your response, that makes sense.

Regards,

Pedro

0
Ações de comentário Permalink
Spot On Innovative Approach Stellar Advice
Avatar

Hi Serge, is that still the expected behaviour? Does it make sense to have a "permanent" token revoked each time you reset your password if the guideline is to reset passwords at least every 90days?

Is there any suggested way to get a permanent token by user without need to create a new token each time a password reset happens?

Regards
Patrick

0
Ações de comentário Permalink
Spot On Innovative Approach Stellar Advice
Avatar

Hi Patrick Güra! I'm checking this with the team now, we'll get back to you as soon as possible 👍

Lisa Community Team at Wrike Wrike Product Manager Become a Wrike expert with Wrike Discover

Lisa Wrike Team member Become a Wrike expert with Wrike Discover

0
Ações de comentário Permalink
Spot On Innovative Approach Stellar Advice
Avatar

Hi Patrick Güra,

That's correct, the permanent access token is invalidated upon the regular password change too. So, since the password expiration policy on your account is set to "Every 90 days", you'll need to generate a new token every 3 months. Wrike password expiration automatically triggers API token invalidation for the benefit of your data security, and we generally recommend to change token periodically to avoid any risk of its exposure.

The password policy settings apply to all users, and there's no option of excluding the user who generated the API token. There are two workarounds I have in mind that could help in your use-case:

  1. Please discuss with your team if you still need the password expiration policy in place - the owner of your account can disable the password policies for everyone as described here: https://help.wrike.com/hc/en-us/articles/210324485-Advanced-Security-Settings#passwordexpiration
  2. If you want to combine the high level of password security and prevent future invalidation of API tokens at the same time, please consider implementing SAML SSO for your account. Users will be able to sign in to Wrike using only company credentials. Since the password security will be managed on the IdP side, your Wrike Admin can switch the setting "Force reset user passwords" to "Never" and the token won't be revoked anymore.


Please let me know if you have any further questions🙂

Lisa K. Community Team at Wrike Wrike Product Manager Aprenda sobre as funcionalidades e melhores práticas em Wrike com o nosso Treinamento Webinar Online

Lisa K. Wrike Team member Aprenda sobre as funcionalidades e melhores práticas em Wrike com o nosso Treinamento Webinar Online

0
Ações de comentário Permalink
Spot On Innovative Approach Stellar Advice
Avatar

Hi Lisa K.

does this behavior also apply to OAuth2 apps - I couldn't find anything on the subject - do Client-ID and Client-Secret of API-Apps also get revoked after password resets?

 

Best regards,
Adrian

0
Ações de comentário Permalink
Spot On Innovative Approach Stellar Advice
Avatar

Hi Adrian Soluch, thanks for the question. Resetting the Wrike password revokes all OAuth2 tokens (permanent access tokens and a pair of access and refresh tokens), but you can use the same Client-ID and Client-Secret to generate new tokens after you have reset your Wrike password (https://developers.wrike.com/oauth-20-authorization/). Let me know if there is anything else I can help you with! 🙌

Lisa K. Community Team at Wrike Wrike Product Manager Aprenda sobre as funcionalidades e melhores práticas em Wrike com o nosso Treinamento Webinar Online

Lisa K. Wrike Team member Aprenda sobre as funcionalidades e melhores práticas em Wrike com o nosso Treinamento Webinar Online

1
Ações de comentário Permalink

Folllowing List for Post: API token removed
[this list is visible for admins and agents only]

Alto
Didn’t find what you were looking for? Write new post