Forum Discussion

Dave_Noonan's avatar
Jan 10, 2020

API Token Length

We've got four Big-IP pairs, two running 11.6.1 and two running 12.1.3.2. When we connect to the API we get a token in the response but the they're different lengths. The 11.6.1 Big-IPs return a 128 character token while the 12.1.3.2 boxes return a 26 character token.

 

Searching hasn't helped. Does anyone know why the token is shorter or if there's a setting somewhere that I can tweak to make my security folks happy?

 

Thanks

 

    • Dave_Noonan's avatar
      Dave_Noonan
      Icon for Cirrus rankCirrus

      Per the instructions here: Authentication and Authorization

      I'm hitting /mgmt/shared/authn/login. The code and returned tokens are shown below. Only difference is length.

       

      curl --location --request POST 'https://v11_6_1-Big-IP/mgmt/shared/authn/login' \
       --header 'Content-Type: application/json' \
       --header 'Authorization: Basic 'xxxxxxxxxxxxxxxxxxxxxxxx' \
       --data-raw '{
           "username":"USER",
           "password":"PASSWORD",
           "loginProviderName":"tmos"
       }'
       
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
       
       
      curl --location --request POST 'https://v12_1_3_2-Big-IP/mgmt/shared/authn/login' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxx' \
      --data-raw '{
      		"username":"USER",
      		"password":"PASSWORD",
      		"loginProviderName":"tmos"
      }'
       
      XXXXXXXXXXXXXXXXXXXXXXXXXX

       

  • Hi,

     

    From my reserach about iControl REST API Guide on both version. It doesn't mention about API Token length.

    Normally if document not said anything. It mean you cannot change / modify, cause it seem like a hardcode in F5 software.

     

    To make sure, please open case to F5 support. I think support can help you to answer.

     

     

  • FYI, Support went off to the dev team and eventually they did say that the token generation was changed to be both shorter and more secure.