Time Token

Time Token is comprised of two interceptors: Time Token Generator and Time Token Validation. They are used together to create a token with predetermined expiration time (a time token) and validate a request that contains a time token.

These are some cases of time token use:

  • Exposure of some system resource for a short period (from seconds to a few minutes), just for the time needed for access. This is the case of temporary access given to third parties for maintenance, or special transactions where, due to security measures, access should be guaranteed only for the next minute.

  • Use of the validity of the token to establish a time limit for access to some resource. This is the case with the validity of flash sales or the limit for the delivery of school homework, such as in time-limited tests.

Time Token Generator

This interceptor creates a token with predetermined expiration time defined in milliseconds (ms). It must be added to the response flow and it can only be placed in the header or cookie.

To configure the Time Token Generator interceptor, you must inform the location and name of the token (see image below).

The Time to live field is optional, measured in milliseconds (ms). If informed, the system will consider the value as the expiration time for the token. If left blank, the default system value (30000 ms) will be applied.

The fields Flux, Variable location, and Variable are used to add a token to the hashkey, which, in turn, is used in the time token generation.

timetokengenerator

The image above describes a token being set up with the following traits:

  1. The time token will be generated and added to response header

  2. The name of the time token will be token.

  3. Its expiration time is 60 seconds (60000 ms) from when it is generated

  4. A new token will be added to the hashkey.

Time Token Validation

This interceptor validates a time token, checking if its validity has not expired. It must be added to the request flow and it can only be placed in the header or cookie.

To configure it, you must inform the location and name of the token, which must be the same values inserted in the Time Token Generator interceptor.

timetokenvalidation
The Time to live field is optional, but if informed in the Time Token Generator interceptor then it must be informed again with the same value.
If your API returns the status code 401 Unauthorized when using this interceptor, the token may be invalid. See more details on this page of our FAQs.
Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]