Does anyone know how long a party access token for the ledger API is supposed to last for? We’re generating party access tokens via the https://login.hub.daml.com/auth/ledger/{{LedgerID}}/party/{{PartyID}}/token end point, which doesn’t return an expiry date. My assumption was that it would be 24 hours, but my experience is that they are expiring before this. Happy to cater for whatever period, but would be good to know what it is to save us getting a fresh token more often than we need.
2 Likes
Access tokens will generally be valid for a maximum of 24 hours, but that “timer” may occasionally be reset when we do behind-the-scenes maintenance (we did a little bit of that last night).
The expiry of the token is defined in the token itself. If you inspect a token using something like https://jwt.io/, you can see the components of it (one of which is the field exp, which indicates expiry in seconds since Jan 1 1970 UTC (rfc7519).
If you want to be able to refresh tokens for up to 30 days, I suggest looking into Service Accounts (https://hub.daml.com/docs/api/iam/#service-accounts).
Thanks for using Daml Hub!
3 Likes
Thanks for getting back to me. I think it’s perhaps the maintenance issue that’s hitting us. I’ll spec a fix to handle the ledger API response when a token has expired, get a new token, and retry.
1 Like