What are Auth Tokens?
Authorization tokens are used when integrating systems. An auth token verifies your identity so you don't need to log in every time your integration makes an API call.
For security purposes, we are going to begin “time boxing” auth tokens. An auth token will have a shelf life of 180 days. Then it will expire and you will need to refresh it (generate a new auth token).
Expirations
Authentication tokens will have an expiration date 180 days from when they were created.
Organizations using auth tokens will need to rotate tokens every 180 days by using the API or by generating a new token in the platform.
How do we update the token?
You generate a new auth token and replace the old one wherever it's being used. To do this through the API, see the Retrieving Auth Tokens and Rotating Auth Tokens documentation.
If you are doing this in the platform, navigate to Developers >> Authorization Tokens and click Add Token. Be sure to indicate permissions.
Once you have added the token, click on the old token and delete it. Swap the new for the old wherever you use the auth token in your system.
Next, how would I know the expiration of my auth token?
Go to Credly >> Developers >> Authorization Tokens. When you click into the token, the expiration will be displayed.
Other FAQs:
How do I know if this impacts my program?
If you are manually issuing badges and you don't have an integration that uses an API token, no action is necessary. Tokens were automatically generated when your account was created.
What happens if a token expires?
If your token expires and it was in use, it will prevent your integration from working. A new token will get things moving again, but we want you to avoid any disruption.
How do we replace or rotate tokens?
- Tokens can be rotated via API. View API Docs here. We recommend that you schedule the rotation to happen in advance so you never have to worry about it.
- You can also generate new tokens in the platform under the Developers section. The token will then need to be replaced in your application. This will need to occur every 180 days prior to the next expiration date.
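One way to schedule rotation in advance, shown as an added example (not Credly's code and not part of the original article): a check you can run from cron or CI that flags tokens approaching the 180-day expiry. The inventory entries, the 30-day lead time, and the function names are assumptions; the script does not call the Credly API.

```python
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(days=180)  # from the article: tokens expire 180 days after creation
ROTATE_LEAD = timedelta(days=30)      # assumption: start rotating this long before expiry

# Constructed inventory: one entry per place a token is used, with its creation time.
INVENTORY = [
    {"name": "lms-integration", "created": "2024-01-10T09:00:00+00:00"},
    {"name": "hr-sync", "created": "2024-05-15T12:00:00"},  # no offset recorded
    {"name": "reporting-job", "created": "2023-12-01T00:00:00+00:00"},
]


def token_status(created_iso, now):
    """Return (state, expiry) where state is 'ok', 'rotate' or 'expired'."""
    created = datetime.fromisoformat(created_iso)
    if created.tzinfo is None:
        # Treat timestamps without an offset as UTC so comparisons are well defined.
        created = created.replace(tzinfo=timezone.utc)
    expires = created + TOKEN_LIFETIME
    remaining = expires - now
    if remaining <= timedelta(0):
        return "expired", expires
    if remaining <= ROTATE_LEAD:
        return "rotate", expires
    return "ok", expires


def rotation_report(inventory, now):
    """List (name, state, expiry date) for every token, most urgent first."""
    rows = []
    for item in inventory:
        state, expires = token_status(item["created"], now)
        rows.append((expires, item["name"], state))
    rows.sort()
    return [(name, state, expires.date().isoformat()) for expires, name, state in rows]


if __name__ == "__main__":
    import sys

    report = rotation_report(INVENTORY, datetime.now(timezone.utc))
    for name, state, expires in report:
        print(f"{state:8} {name:20} expires {expires}")
    # A non-zero exit lets a scheduler or CI job alert when any token needs attention.
    sys.exit(1 if any(state != "ok" for _, state, _ in report) else 0)
```

Keep the inventory next to wherever the tokens are deployed, and update the creation date each time a token is replaced.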
Why is this change happening?
This is a security measure to safeguard your organization's data and adhere to industry-wide standards.
Do we have any other options?
Yes! Credly also supports authentication via OAuth 2.0, which would allow you to avoid this token rotation process. View Docs Here.