Using an SDK token
SDK token is a type of bearer token that can be used to authenticate against some of our APIs to access functionality necessary for streaming actions. Think of SDK tokens like a token you use to access portal but very limited in scope.
Each workspace comes with two of these tokens, limited in use for that
specific workspace. We call them
Token 1 and
Token 2, also known as
How to find
You can access these tokens by going to your topics and clicking on broker settings.
How to use
These tokens can be used to authenticate against the API, but their primary intended use is to be used with the SDK QuixStreamingClient. When using it with QuixStreamingClient, you no longer need to provide all broker credentials manually, they’ll be acquired when needed and set up automatically.
When deploying or running an online IDE, among other environment
is injected with value of
You should always use
Token 1, unless you’re rotating.
Your tokens do not have an expiration date. Treat them as you would a password. If you think they’re exposed, rotate them.
Having two keys lets you update your services without interruption, as
Token 1 and
Token 2 are always valid. Rotating deactivates
Token 2 takes its place and a new
Token 2 will be
You have two main options regarding how you rotate.
The easiest way to rotate comes with some service downtime. This assumes
you do not directly set the token for your QuixStreamingClient, instead
you let the platform take care of it for you by using the default
environment variable. In this scenario all you have to do is rotate
keys, stop and start all your deployments. Until a service is restarted
it’ll try to communicate with the platform using the deactivated token.
If you’re using local environments, those need updating manually.
The alternative option is a bit more labour intense, but you can achieve
no downtime. This requires you to set a new environment variable you
control. This should point to the token to be used. Provide the value of
this environment variable to QuixStreamingClient by passing it as an
argument. Once you have that, set the value of this environment variable
Token 2 and start your services. When you’re sure you replaced the
tokens for all services, rotate your keys.
Only users with Admin role can rotate.