Web-API Bearer Tokens and App Features
After installing and running the Web Application for the first time, the web application itself creates new records in the hyp_Web API Tokens table (as part of the Init process). Here you can manually set the lifespan of each bearer token (per Web-App) and disable/enable the Web-App features.
| Field Name | Description |
|---|---|
| Hyper User Name | This field displays the username saved by the Web-App engine during its first launch. The username is set upon installation in the INI file on the server and may also be defined in the system’s “Employees and Users” module; in that case, the Web-App will inherit the user's access permissions and system language, as described in the installation guide. |
| Created On UTC | The record creation date and time (UTC). |
| Domain Address | Each Web-App requires a unique "Domain Address"/"IP Address". Here you can see which Domain Name was set per application (on the server). |
| Domain Purpose | Each Web-App has to be set with a "Purpose". That "Purpose" defines the Web-App role and the way it operates for the implemented Domain Address. The setting is done on the server side (.ini file) as explained in the Web Application Installation Guide. Here are the possible options: |
| Generated Token Life in Hours | The lifespan of the Access Token when generated for the selected record. On creation, the initial default value is 1 hour. It can be set manually by the System Admin (values range from 1 to 8760). Upon change, the "Access Until UTC" field is recalculated automatically. Upon save, the Web-App implements the change automatically. |
| Access Until UTC | This field sets the expiration date and time of the selected token for that Web-App, and it overrides the value defined in the "Generated Token Life in Hours" field. It can be set manually, or be calculated automatically according to the value of the "Generated Token Life in Hours" field. Upon save, the Web-App implements the change automatically. |
| Last Access Token Refresh UTC | The recorded timestamp when the selected Access Token was successfully regenerated via API call (Refresh Token) or manually, by using the "Regenerate Tokens" button. |
| Max Posts per IP per Minute | Limits the number of API requests allowed from a single IP address per minute to prevent abuse and server flooding. The Web-App default threshold is 20 posts per minute. Above that, the D.O.S protection will block all other incoming posts. You can set a higher number in this field and then manually restart the Web-App (we DON'T recommend passing the 500 posts per minute limit). If this field is empty, the Web-App will set the default value according to its "purpose". |
| Session Timeout # Minutes | The duration of inactivity (in minutes) after which the user's session will automatically time out. |
| Keep Alive UTC | The timestamp of the last "Keep Alive" signal received from the web application. |
| Last Trans UTC | The timestamp of the last data transaction or activity successfully performed via this token. |
| Access Token | A 120-character string-based key used as a bearer token to authenticate incoming API requests for the selected Domain Address. Click on the icon to copy it to the clipboard. |
| Refresh Token | A 200-character string-based key. This token's validity never expires, but it regenerates automatically upon a "Refresh Token" API request, or when the "Regenerate Tokens" button is pressed. Click on the icon to copy it to the clipboard. |
| IP v4 Whitelist | You can enter a list of permitted IPs per Web-App here. If this field is empty, the Web-App will accept requests from any IP address (non-blocking mode). Otherwise, it will accept requests only from the IP addresses listed in this field. After editing, a manual restart is required. |
| Domain Enabled Modules | When this field is empty, the Web-App will load the generic modules according to its configured "Purpose". To load custom modules, enter the name of each module on a separate line. After editing, restart the Web-App. Contact us to inquire whether any custom modules are required for you. |
| Block These Functions | When the Web-App operates in "API mode", enter here the names of the API functions that you wish to block in that same app. |
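
A configuration review over these fields can be scripted. The following is an added example, not part of the product or its documentation: it checks token records against the limits stated in the table above. The dict representation of a record, the whitelist separator (comma or whitespace), the 24-hour review threshold and all sample rows are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
import ipaddress
import re

# Limits stated in the field table.
LIFE_MIN_H, LIFE_MAX_H = 1, 8760
RATE_RECOMMENDED_MAX = 500
# Assumption (not from the page): review any token still valid for more than 24 hours.
REVIEW_LIFE_H = 24

def audit_token_row(row, now):
    """Return findings for one token record (a dict keyed by field name)."""
    findings = []
    life = row.get("Generated Token Life in Hours")
    if life is None or not LIFE_MIN_H <= life <= LIFE_MAX_H:
        findings.append("life-out-of-range")
    # "Access Until UTC" overrides the life value, so exposure is judged by it.
    until = row["Access Until UTC"]
    if until <= now:
        findings.append("token-expired")
    elif until - now > timedelta(hours=REVIEW_LIFE_H):
        findings.append("long-lived-token")
    rate = row.get("Max Posts per IP per Minute")  # empty means the Web-App default
    if rate is not None and rate > RATE_RECOMMENDED_MAX:
        findings.append("rate-limit-above-500")
    # An empty whitelist means non-blocking mode: any source IP is accepted.
    raw = row.get("IP v4 Whitelist") or ""
    entries = [e for e in re.split(r"[,\s]+", raw) if e]
    if not entries:
        findings.append("whitelist-empty")
    for entry in entries:
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            findings.append(f"whitelist-invalid:{entry}")
    return findings

# Constructed sample records (documentation-range addresses, hypothetical domains).
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
ROWS = [
    {"Domain Address": "api.example.test", "Generated Token Life in Hours": 1,
     "Access Until UTC": NOW + timedelta(minutes=30),
     "Max Posts per IP per Minute": None, "IP v4 Whitelist": "192.0.2.10\n192.0.2.11"},
    {"Domain Address": "portal.example.test", "Generated Token Life in Hours": 8760,
     "Access Until UTC": NOW + timedelta(days=300),
     "Max Posts per IP per Minute": 900, "IP v4 Whitelist": ""},
    {"Domain Address": "old.example.test", "Generated Token Life in Hours": 0,
     "Access Until UTC": NOW - timedelta(hours=2),
     "Max Posts per IP per Minute": 20, "IP v4 Whitelist": "192.0.2.300, 198.51.100.7"},
]

if __name__ == "__main__":
    for r in ROWS:
        print(r["Domain Address"], audit_token_row(r, NOW))
```
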
Let's describe the buttons at the bottom of the page:
| | This button updates the fields [Access Until UTC] and [Generated Token Life in Hours], and then sends a refresh message to that Web-App, ordering it to reload the updated tokens. |
|---|---|
| | Deletes the selected domain row in the tokens table (has no connection to the 'Save' button), and then sends a refresh message to the API System to reload the active tokens. |
| | This button creates a new "Access Token" and "Refresh Token" as follows: 1. Backs up the previous tokens. 2. Generates new tokens (both access and refresh tokens!). 3. Updates the [Last Access Token Refresh UTC] and [Access Until UTC] fields. 4. Sends a refresh message to the Web-App to reload the new tokens. |