Description
Hi! Is there a possibility to automatically invalidate access tokens after a period of time? I am talking about rc_token, which gets set as a cookie once logged in. Even if I set the “Login expiration in days” to 1 in the Admin settings, I can still do REST API calls indefinitely after 1 day by setting the X-Auth-Token to whatever the rc_token was.
I came across this “official” answer from a Rocket.Chat employee saying:
“Currently the authentication tokens obtained via the Rocket.Chat REST API have no expiration date.”
(Rocket.Chat) Never expire auth token - Stack Overflow
I wonder if that changed somehow during the last 3 years. Can anyone help?