Clarification and advice regarding creating tokens with API

Hi,

For my current use case, I would like to have one API token assigned to each of my devices (due to the current HTTP request limits on each token).

This post here from @jotathebest ([FOR REVIEW] USERS API and Token per device) suggests that if my token is not used for 6 hours it will expire.

However, this API page (https://ubidots.com/docs/sw/#tag/Token) states that the token will expire every 6 hours, whether it is used or not.

Could you please clarify which of these is correct?

Furthermore, if a token expires every 6 hours, are there any issues if I continue generating new tokens for each of my devices?
Is there a maximum number of tokens per account can have? (Or a maximum number I can use per day?)

The scale I am considering is 100+ devices, but each of them will require their own API token. Please note that I am an Industrial Ubidots user.

Thanks,
switchroute

Hi @switch_route,

You’re right, the best approach for large deployments as yours (100+ devices) is having a single token per device. That to avoid request rejection based on the throttling per token and increase your account security.

Following up, Ubidots SW Docs might not be precise enough, but truth is that any Token created through the API using the API Key expires after 6 hours if NOT used, otherwise, it will continue to be valid. This is also mentioned in here.

Furthermore, if a token expires, there are no issues if you continue generating new tokens for each of your devices.
Quick notes to this approach, that is, generating token through the API:

  1. If you decide to follow this path, it is best if your devices connect to Ubidots using secure connections over TLS, regardless of the protocol you’re using to send data.
  2. It is important to note that should the API Key be compromised somehow, for example, someone gets its hand in your firmware and hence the API Key, all you devices would also be compromised, so make sure about firmware safety.

With the above in mind, Ubidots is currently working on making each individual device safer and easier to manage in terms of security. To that end, the following features are soon to be released. Please note that, at the moment of writing this reply, said feature are not yet out in production.


Last but not least, reach out to support@ubidots.com and ask to convert a beta tester of the aforementioned functionalities.

–David

Hi @dsr,

Thanks for your reply.

Happy to hear that the tokens won’t expire as long as I keep using it. My devices are transmitting signals nearly all the time, hence that means I won’t have to keep re-generating new tokens - which is great news for me.

Ubidots providing a dedicated device tokens feature is a fantastic idea, I look forward to implementing it when it’s released in production.

For now, I will generate my one hundred or so tokens and use those. (Glad I don’t have to generate them every 6 hours!)