Rotating App Tokens
By updating one of the application's App Tokens at a time, the application can rotate the tokens without running into any conflicts.
Why rotate tokens
There are a few reasons to rotate App Tokens on a fixed interval.
- To replace tokens that have been configured to auto-expire
- To limit the effects of any compromised tokens
In either case, Box supports having two active App Tokens at any time, allowing for a seamless rotation from the old to the new tokens.
Rotation steps
These instructions assume that you have already created a Primary and a Secondary App Token and are ready to replace either of them.
By following these steps you can configure your application with two new tokens without any issues.
- Assuming your application is using the Primary App Token, go to your application in the developer console. Head to the "Configuration" section of your application and click the "Generate Key" button for the Secondary App Token.
- Update your application with the Secondary App Token. Ensure your application is configured with this new token completely before moving on to the next step.
- Once you are confident that the Primary App Token is no longer in use, head over to the developer console and click the "Revoke" button for the Primary App Token.
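One way to back the "no longer in use" check in the last step with evidence, as an added example that is not Box's own code: the application records a fingerprint of whichever token it sends, and revocation is gated on the old slot having been idle for a quiet period. The `TokenRotation` class, the slot names, the quiet period and the token strings are assumptions constructed for illustration, and the tracking is per process, so a multi-instance deployment would need to aggregate it.

```python
import hashlib
import time
from typing import Optional


def fingerprint(token: str) -> str:
    """Short SHA-256 fingerprint so logs and metrics never hold the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


class TokenRotation:
    """Hypothetical helper: tracks which of the two App Token slots is being sent."""

    def __init__(self, primary: str, secondary: str, active: str = "primary"):
        self.slots = {"primary": primary, "secondary": secondary}
        self.active = active
        self.last_used = {}  # fingerprint -> time of the last outgoing request

    def token_for_request(self, now: Optional[float] = None) -> str:
        """Return the active token and record that it was used."""
        now = time.time() if now is None else now
        token = self.slots[self.active]
        self.last_used[fingerprint(token)] = now
        return token

    def switch_to(self, slot: str, new_token: str) -> None:
        """Install the freshly generated token and make its slot the active one."""
        self.slots[slot] = new_token
        self.active = slot

    def safe_to_revoke(self, slot: str, quiet_seconds: float,
                       now: Optional[float] = None) -> bool:
        """True only if the slot is inactive and unused for quiet_seconds."""
        now = time.time() if now is None else now
        if slot == self.active:
            return False
        last = self.last_used.get(fingerprint(self.slots[slot]))
        return last is None or now - last >= quiet_seconds


def demo():
    # Constructed token values; real ones come from the developer console.
    rot = TokenRotation("old-primary-CONSTRUCTED", "old-secondary-CONSTRUCTED")
    rot.token_for_request(now=0)                        # still on the Primary
    rot.switch_to("secondary", "new-secondary-CONSTRUCTED")
    rot.token_for_request(now=60)                       # now on the Secondary
    # Primary was last sent at t=0; with a 300 s quiet period it clears at t=300.
    return [rot.safe_to_revoke("primary", 300, now=t) for t in (120, 360)]
```
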