Forum Discussion

Altostratus

Jul 22, 2016

How BIG-IP Token/Authentication works ?

I'm unable to find anywhere here/documentation/articles anyone that could explain a little bit better the authentication token when you get the response from the Rest. I'm sending the POST to the R...

Cirrus

Jul 22, 2016

The token will timeout after 1200 seconds. All attempts to increase or remove that have been futile for me.

rodolfosalgado_
Altostratus
Jul 22, 2016
Can you do as many calls as you want during this 1200 time window?
ekaleido
Cirrus
Jul 22, 2016
That is my experience. If you create the token every time you call the API, you should get the same token until the 1200 seconds is up. So be sure to always generate the token and insert the token as the header and you'll be able to account for when it expires and becomes a new value.
Satoshi_Toyosaw
Historic F5 Account
Mar 28, 2018
A different token is generated for every request as far as I checked. Tested on 12.1.2 and 13.0.0. The behaviour may be different in a different version. Please post the version number you tested if you can, so I can verify.

Here's a test one-liner:

for i in `seq 1 30`; do curl -sk -X POST -H "Content-type: application/json" \ https:///mgmt/shared/authn/login \ -d '{"username":";", "password":";", "loginProviderName":"tmos"}' | \ python -m json.tool | fgrep '"token": "' | sort | uniq -c; done

To get a list of currently available tokens, run:

curl -sku admin: https:///mgmt/shared/authz/tokens