Reinforcing our commitment to the security and simplicity of our platform, Azion is pleased to announce the adoption of personal tokens for accessing our APIs and CLI.
What Are Personal Tokens?
A personal token is an exclusive key that can replace traditional means of authentication on a system. By using personal tokens on the Azion Edge Platform, you simplify the way your team accesses our APIs and CLI, as well as ensuring access security for all users.
Why Use Personal Tokens?
First of all, the personal tokens are a feature that dramatically increases user security. It’s well known that users who need to use different systems throughout the day tend to use weaker passwords for each authentication, often using the same password for multiple applications. By using personal tokens, on the other hand, you can create long strings that make it virtually impossible to breach data by using brute force, which is still a very popular method with hackers and other malicious users, as well as being really easy to run.
Let’s just paint a picture here: in the case of Azion, our personal tokens consist of 40 characters between numbers and letters. According to tools that calculate the security of passwords and codes, a computer would need 10e42 (10 with 42 zeros!!) years to crack one of our tokens (chances are that our solar system won’t even exist by then). In addition, personal tokens also prevent exposing access credentials in scripts, enhancing user security
Finally, personal tokens can be created and deleted automatically, without intervention from the company’s security team or helpdesk, which reduces the workflow of these teams and gives users greater autonomy to modify or delete tokens in case of breaches, leaks, or even loss of their codes.
How Do Personal Tokens Work on Azion Platform?
It was already possible to create access tokens on the Azion platform using Real-Time Manager. However, these tokens expired in 24 hours, which made their use more restrictive. From now on, users of our platform can set an expiration date of up to one year for their personal tokens. In addition, the same user can create as many tokens as they want, because they can choose a different token for each API they use, in addition to our CLI, increasing their security and access autonomy.
Creating a Personal Token
Creating a personal token on our platform takes a few seconds and just a few clicks, granting higher access security for up to 1 year!
To create a new personal token, just follow the steps listed below:
- Access Real-Time Manager using your login and password or your GitHub credentials.
- Select the account where you want to create your personal token (if you have more than one account registered on RTM — otherwise, you will be sent directly to your dashboard).
- On the dashboard screen, go to your profile (at the top right of the screen) and select the “Personal Tokens” option from the dropdown menu.
- You will be directed to your Tokens list. To create a new token, click on the “Add personal token” button in the upper right corner of the screen.
- On the configuration screen, you must create a name for your token (“Personal token name”) and select its duration (“Expires in”), which can be of 7, 15, 30, 90 days or a year. Also, you can choose to make a short description (regarding its purpose).
- Click on the “Create token” button (at the bottom right of the screen).
- Your personal token has been created! It will be shown masked (in the “Personal Token” field at the bottom of the screen). You can use the buttons on the right to view your personal token and copy it to the clipboard.
- By clicking the “Ok” button in the lower right corner, you will be taken to your configuration screen, where you will see your new token and all of those you have previously created.
- It’s good to go! Your personal token has been created and you now have the highest level of security to access our APIs and CLI.
It is important to know that on the configuration screen you can also delete any token at any time by clicking on the trash can icon on the right.
You can watch the video below with a step-by-step guide to make this process even easier!
As you can see from 0’49” of the video, using your personal token is also very simple. In the example, the developer uses their newly created personal token to authenticate access to the API and search the list of edge applications in their account. You can also find more details on how personal tokens work on the Azion platform in our documentation.
How to securely store your personal tokens?
Considering that a personal token basically serves the same function as a user’s login credentials, you must treat it with the same care that you treat your most sensitive data. As Azion’s personal token consists of forty characters, you probably won’t be able to rely on your memory alone to store it (especially if you create more than one). So here are some tips to register your tokens without risking you and your company’s safety.
- Avoid registering your tokens in communication apps (such as text message apps or emails), since in these apps you may end up sharing your data by mistake;
- Do not save your tokens on shared machines;
- Preferably store your tokens in locally saved files;
- If you decide to register your personal tokens in notebooks, make sure that you are the only person with access to them and avoid taking them out of your workplace.
Increase your security with Azion today!
At Azion, security is a serious matter. Our latest authentication and access features (Single Sign-On (SSO) and personal tokens) are proven to be effective and are globally adopted by companies that cannot compromise on security, but also value the simplicity of their platforms.
Want to know more about personal tokens or learn about our other solutions? Just talk to one of our experts. Start building, protecting, delivering and observing with Azion!