Skip to content

Using an SDK token

SDK token is a type of bearer token that can be used to authenticate against some of our APIs to access functionality necessary for streaming actions. Think of SDK tokens like a token you use to access portal but very limited in scope.

Each workspace comes with two of these tokens, limited in use for that specific workspace. We call them Token 1 and Token 2, also known as Current and Next token.

How to find

You can access these tokens by going to your topics and clicking on broker settings.

How to use

These tokens can be used to authenticate against the API, but their primary intended use is to be used with the client library. When using it with QuixStreamingClient, you no longer need to provide all broker credentials manually, they’ll be acquired when needed and set up automatically.

When deploying or running an online IDE, among other environment variables Quix__Sdk__Token is injected with value of Token 1.

You should always use Token 1, unless you’re rotating.

Caution

Your tokens do not have an expiration date. Treat them as you would a password. If you think they’re exposed, rotate them.

Rotating

Having two keys lets you update your services without interruption, as both Token 1 and Token 2 are always valid. Rotating deactivates Token 1, Token 2 takes its place and a new Token 2 will be generated.

You have two main options regarding how you rotate.

The easiest way to rotate comes with some service downtime. This assumes you do not directly set the token for your QuixStreamingClient, instead you let the platform take care of it for you by using the default Quix__Sdk__Token environment variable. In this scenario all you have to do is rotate keys, stop and start all your deployments. Until a service is restarted it’ll try to communicate with the platform using the deactivated token. If you’re using local environments, those need updating manually.

The alternative option is a bit more labour intense, but you can achieve no downtime. This requires you to set a new environment variable you control. This should point to the token to be used. Provide the value of this environment variable to QuixStreamingClient by passing it as an argument. Once you have that, set the value of this environment variable to Token 2 and start your services. When you’re sure you replaced the tokens for all services, rotate your keys.

Note

Only users with Admin role can rotate.