Automatically translate this page?

How to create a complex flespi token?

Setting up time control and access control for the flespi tokens.

A token is a universal tool to manage access to the flespi platform. Access can be limited by time and by level. Token fields expire and TTL (time-to-live) are used to limit token usage by time. Token fields ACL (Access control list) and IP whitelist are used to control token rights.

Time control

You cannot create a token without time limitations. So token MUST expire at some point of time. When creating a  token you have to specify either TTL or expire parameter. Or both. If expire time is greater than the current time + TTL, then TTL is not used. Otherwise, each time you access platform the expire-field is updated with the value of the current time + TTL. Therefore, each use of a token with non-empty TTL prolongs token’s life by TTL. See more details in tokens API Documentation.

flespi token expire ttl

Access control

Depending on the access control level tokens can be:

  • Standard — a basic token sufficient for working with all Telematics hub features (cannot create other tokens).

  • Master — the almighty token granting access to the flespi platform API and allowing the creation of other tokens.

  • ACL — a flexible type of token allowing customization of permissions by module and object type.

In ACL you can specify the list of requests allowed to use by the token:

flespi token acl setup

Note: You can also specify ACLs for specific submodules within a module, e.g. you can grant access to the device settings while not allowing to modify the device itself:

flespi token acl submodule

mqtt is a special topic for MQTT API usage. Along with methods to control MQTT broker API it allows creating tokens that are allowed to subscribe or publish to desired topics. E.g. you can create a token for your customer that is allowed to receive messages only from the related device:

mqtt flespi acl

In the IPs whitelist, you can point the CSV list of masks (wildcards are supported) of IP addresses which are allowed to use the token. Example: 10.100.15.*,, In case of IP mismatch, the HTTP request will respond with 401 code and error “using token from unauthorized location”; MQTT connection will be closed after failing authorization with the appropriate MQTT code.

See also
Basic subaccounts actions explained: create, log in, share the link, change credentials.
Manage tracking devices communicating with Wialon through flespi.