Web-API Bearer Tokens and Features
After you install the Web-APP and run it, new records in the hyp_Web API Tokens table will be created by the web application itself (as part of the Init process).Here you can manualy set the lifespan of each bearer token (per Web-App).
NOTE:
Disabling Bearer Tokens is not recommended, but if necessary could be set manually per Web-App in it's .ini file on the server,
by setting the specific Web-App to run as: "Domain Purpose = Unsecured API mode".
| Field Name | Description |
|---|---|
| Hyper User Name | The web application user name. Automatically saved by the Web-API engine. |
| Created On UTC | The record creation date and time (UTC). |
| Domain Address | Each Web-App require a unique "Domain Address". Here you can see what Domain Name was set per application (on the server). |
| Domain Purpose |
Each Web-App is set with a "Purpose". This field shows what purpose is set for this application. This seting is done on .ini file (on the server).
Here are the options:
|
| Generated Token Life in Hours |
The lifespan of the token when generated.
On creation the initial default value is: 1 hour. It can be set manually by the System Admin (values range from 1 to 8760). Upon change the "Access Until UTC" field is recalculated automatically. Upon save the Web-App implements the change automatically. |
| Last Access Token Refresh UTC | Last time that the "Access Token" was regenerated by the API or manually by Admin user. |
| Access Until UTC |
The expiry date of the Access Token.
This value can be set manually, or calculated automatically according to "New Token Validity in Hours" value. Upon change the "...Token Life in Hours" field is recalculated automatically. Upon save the Web-App implements the change automatically. |
| Max Posts per IP per Minute |
The Web-App default threshold is 100 posts per minute. above that the D.O.S protection will block all other posts.
for higher posts volume you can set a higher number in this field and then manual restart the Web-App. P.S. we recommend NOT to pass the 500 posts per minute. |
| Access Token |
A 120 characters string based temporary token.
Click on the icon to copy it to the clipboard. |
| Refresh Token |
A 200 characters string based token. The refresh token validity never expires, but regenerates according to "Static Refresh-Token Value".
Click on the icon to copy it to the clipboard. |
| IP v4 Whitelist |
You can enter a list of permitted IPs here.
When empty = open to all (non blocking mode), otherwise it will communicate only to the IPs in this field. After edit, a manual restart is required. |
| Domain Enabled Modules | When the Web-App operates as "API mode" OR "Unsecured API mode", enter here the API function names that you wish to block! |
| Block These Functions |
When Web-App operates as "Default Web Portal", you can set this field with special values that will activate modules accordingly.
Contact us for the values required to you. |
Let's describe the buttons at the bottom of the page:
 Save Settings
|
This button update the 2 fields from the Tokens table: [Valid Until UTC] and [New Token Validity in Hours], and then Sends a refresh msg to the API System, to reload the new tokens. |
|---|---|
 Delete Domain
|
Delete the selected domain row in the tokens table (has no connection to the 'Save' button), and then Sends a refresh msg to the API System, to reload the new tokens. |
 Regenerate (both) Tokens
|
This button creates new "Access Token" & "Refresh Token" as follows:
1. Backup Previous tokens. 2. Generate new tokens (regardless of the state of the "Static "Refresh-Token" Value" field)! 3. Update the [Refresh Point UTC] and [Valid Until UTC] fields. 4. Send a refresh msg to the API System, to reload the new tokens. |