About Access Token


We use OPDK 4.17.01.

I have some questions about access tokens.

  • Doesn't an access token itself have meaning? (I have seen community articles about this before, but I don't remember where it is.)
  • Is there a generation algorithm in the character string of an access token? Or is it just a random character string?
  • Is an access token kept in Cassandra in plaintext? Or is it encrypted and held?
  • I learned that the length of the access token can be changed in the following article. https://community.apigee.com/questions/41191/is-it-possible-to-change-default-consumer-secret-l.html Is there an upper limit on the length of an access token?

Thanks.

1 ACCEPTED SOLUTION

@Kubota Kosuke, great questions.

Here is what I think about the same:

Doesn't an access token itself have meaning? (I have seen community articles about this before, but I don't remember where it is.)

You can associate attributes with an access token & have some meaning. Find more about the same here. Otherwise, they are just access tokens that will give you access to certain APIs.

Is there a generation algorithm in the character string of an access token? Or is it just a random character string?

Due to security reasons, we don't reveal the algorithm behind it. It's internal to Apigee. You can take it as a random character string. You can also have hashed tokens stored in Apigee instead of plain. More about the same here.

Is an access token kept in Cassandra in plaintext? Or is it encrypted and held?

More about the same here. The option to hash & store is available.

I learned that the length of the access token can be changed in the following article. https://community.apigee.com/questions/41191/is-it-possible-to-change-default-consumer-secret-l.html Is there an upper limit on the length of an access token?

I think it's more of a data limit than a character limit. I might be wrong here. I am not sure of the performance implications of the same if it's longer. I will keep you posted.

Hope it helps.

Thanks, @Anil Sagar.

The third link is incorrect, so please tell me the correct link.

As for the upper limit of the access token length, I'll try it.

@Kubota Kosuke, updated the link.

@Anil Sagar

I recognized it was the same page as the second link. I appreciate your help.

I tested how many digits the maximum length of the access token was. It is possible to set up to 512 digits. If it is 513 digits or more, the following error message is returned.

HTTP/1.1 400 Bad Request
X-Apigee.fault-code: organizations.InvalidKeyLength
Content-Type: application/json
Content-Length: 160

{
  "code" : "organizations.InvalidKeyLength",
  "message" : "Invalid message pattern found for error code organizations.InvalidKeyLength",
  "contexts" : [ ]
}
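
The following is an added example, not part of the thread and not Apigee's implementation. It models the three properties discussed above: the token is an opaque random string, its meaning lives in server-side attributes, and only a hash of it is stored. SHA-256, the in-memory dict standing in for the database, the default length of 32, and all class and function names are assumptions; the 512-character cap is the limit reported in the last reply.

```python
import hashlib
import secrets

MAX_TOKEN_LENGTH = 512  # upper limit reported in the thread for OPDK 4.17.01


class InvalidKeyLength(ValueError):
    """Requested token length is outside 1..MAX_TOKEN_LENGTH."""


def generate_token(length: int = 32) -> str:
    """Return an opaque token of exactly `length` URL-safe characters."""
    if not 1 <= length <= MAX_TOKEN_LENGTH:
        raise InvalidKeyLength(f"length {length} not in 1..{MAX_TOKEN_LENGTH}")
    # token_urlsafe(n) returns more than n characters, so slicing is safe.
    return secrets.token_urlsafe(length)[:length]


def token_digest(token: str) -> str:
    """SHA-256 hex digest used as the storage key (assumed algorithm)."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TokenStore:
    """Hypothetical store: rows are keyed by digest and never hold the token."""

    def __init__(self):
        self._rows = {}

    def issue(self, attributes: dict, length: int = 32) -> str:
        token = generate_token(length)
        # The token carries no meaning itself; attributes stay server-side.
        self._rows[token_digest(token)] = dict(attributes)
        return token  # plaintext leaves only in the response to the client

    def verify(self, presented: str):
        """Return the attributes for a valid token, or None."""
        if not 1 <= len(presented) <= MAX_TOKEN_LENGTH:
            return None  # reject oversized input before hashing it
        row = self._rows.get(token_digest(presented))
        return dict(row) if row is not None else None

    def dump(self) -> dict:
        """What someone reading the database would see."""
        return dict(self._rows)
```

Because lookup is by digest, a dump of the store yields nothing that can be replayed as a bearer token.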