Using the REST API, I’m obtaining a temporary token for transmitting device state.
Is there any guarantee on the maximum length of this token?
It looks as though the length for Application API Tokens is 252 characters. I will add this to our documentation as well 
Thanks!
Julia
Hello Julia
We seem to be getting much longer authentication tokens; the last two authentications have responded with the following (both 403 bytes long):
token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZDY4MjgzYTA2NzZmYjAwMDdiN2VjMzUiLCJzdWJ0eXBlIjoiZGV2aWNlIiwiYXBwIjoiNTkzODM0YWM0MmY1MGMwMDA4ODBjZDNhIiwiZGV2aWNlQ2xhc3MiOiJzdGFuZGFsb25lIiwib3duZXJUeXBlIjoib3JnYW5pemF0aW9uIiwic2NvcGUiOlsiYWxsLkRldmljZSJdLCJrZXkiOiI1OTM4Mzc4MTJiZWFjMjAwMDczNjZiMTMiLCJpYXQiOjE1NjcxMTM4NzIsIXXXX"
and,
token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZDY4MjgzYTA2NzZmYjAwMDdiN2VjMzUiLCJzdWJ0eXBlIjoiZGV2aWNlIiwiYXBwIjoiNTkzODM0YWM0MmY1MGMwMDA4ODBjZDNhIiwiZGV2aWNlQ2xhc3MiOiJzdGFuZGFsb25lIiwib3duZXJUeXBlIjoib3JnYW5pemF0aW9uIiwic2NvcGUiOlsiYWxsLkRldmljZSJdLCJrZXkiOiI1OTM4Mzc4MTJiZWFjMjAwMDczNjZiMTMiLCJpYXQiOjE1NjcxMTQ0NzIsImlzcyI6ImFwaS5nZXRzdHJ1Y3R1cmUuaW8ifQ.sheY5dXf0fQMab8rCYKFrHs_rR8gXXXX"
Not sure if it’s significant, but it seems that only the trailing 43 bytes in this token are changing from one authentication to the next.
I became aware of this issue because our authentication routine started failing recently when it was working fine in the past; the root-cause was that I had only allocated 400 bytes for the token.
You are absolutely correct, this is my mistake. I started playing around with them just now and was able to get an Application Token with Custom permissions to 3,273 characters (by setting 100 scopes). It seems that “all permissions,” “read only,” and “custom” all have their own length, and the custom setting varies depending on your number of scopes. I am not sure that “all permissions” and “read only” have static or maximum lengths, but I will keep testing.
Thanks so much for pointing this out!
Julia
1 Like