A token is a universal tool to manage access to the flespi platform. Access can be limited by time and by level. Token fields expire and TTL (time-to-live) are used to limit token usage by time. Token fields ACL (Access control list) and IP whitelist are used to control token rights.
You cannot create a token without time limitations. So token MUST expire at some point of time. When creating a token you have to specify either TTL or expire parameter. Or both. If expire time is greater than the current time + TTL, then TTL is not used. Otherwise, each time you access platform the expire-field is updated with the value of the current time + TTL. Therefore, each use of a token with non-empty TTL prolongs token’s life by TTL. See more details in tokens API Documentation.
Depending on the access control level tokens can be:
Standard — a basic token sufficient for working with all Telematics hub features (cannot create other tokens).
Master — the almighty token granting access to the flespi platform API and allowing the creation of other tokens.
ACL — a flexible type of token allowing customization of permissions by module and object type.
In ACL you can specify the list of requests allowed to use by the token:
mqtt is a special topic for MQTT API usage. Along with methods to control MQTT broker API it allows creating tokens that are allowed to subscribe or publish to desired topics. E.g. you can create a token for your customer that is allowed to receive messages only from the related device:
In the IPs whitelist, you can point the CSV list of masks (wildcards are supported) of IP addresses which are allowed to use the token. Example: 10.100.15.*,192.168.56.1?,127.0.0.1. In case of IP mismatch, the HTTP request will respond with 401 code and error “using token from unauthorized location”; MQTT connection will be closed after failing authorization with the appropriate MQTT code.