How to Rotate Your Tokens
We take your data security seriously, and as some of you may be aware, we recently had a data breach affecting 'read' and 'write' scoped tokens. As a precaution, we've expired these tokens. Here's how you can regenerate them without breaking a sweat.
What is Token Regeneration?
Before we dive into the specifics, let's understand what regenerating a token means. When regenerating a token, you maintain the same scope(s), rate limits, and names. What changes are the access key and the created-at date. We have added the created-at date to the name column so that you can quickly tell which access tokens are new. This will allow you to swiftly rotate tokens without going through the process of creating a new one.
Regenerate Tokens on the Project Page
Since we have expired all read and write tokens, we developed an easier way for you to regenerate your expired read and write tokens. When you navigate to your project's access token page, you'll find a banner informing you about the compromised tokens. For more details, you can read our blog post here.
Below the banner, you'll find two lists: one displaying your active tokens and another listing your expired tokens. To regenerate all expired tokens for that specific project, click "Regenerate All Tokens." This action will not only regenerate all the expired tokens but also delete the expired originals.
If you'd prefer to regenerate a specific expired token, just click on the "Regenerate Token" button next to it. Doing so will regenerate that token and remove it from the list of expired tokens.
Regenerate Tokens at the Account Level
On the project list page, a similar yellow banner will inform you about the action needed. This time, you'll see a "Take Action" button which opens a step-by-step modal.
Token Action Modal
Learn More: The first step is informational. Understand what you're about to do and, for an in-depth understanding, follow the link to our blog post.
Regenerate All Tokens: The second step is where the action happens. Clicking this might take a moment, especially if you have multiple tokens across several projects.
Download CSV: The final step allows you to download a CSV containing all new active tokens, token names, project IDs, and project names. This will help you to quickly replace the tokens in your application.
Important Note: If you exit the modal without downloading the CSV, you won't be able to retrieve it later. Similarly, if you download the CSV before regenerating the tokens, you'll only get a list of currently active tokens, which won't be useful.
Manually Update Your post_server_item Tokens
Effective October 10th, 2023, at 12:00 a.m. UTC, all tokens with the scope of "post_server_item" will expire. To facilitate a smooth transition, we've recently released a new user interface [Link to PAT release blog] to manage these tokens more efficiently. This updated interface features color-coded token statuses, including a special "expiring soon" status to alert you about tokens that need rotation.
To manage your "expiring soon" tokens, navigate to the project access token page under your project settings. There, you'll find two options for rotating these tokens:
Your first option involves a bulk regeneration. Simply click on the down arrow next to "regenerate all tokens," located above the table, and select "Regenerate all tokens that expire soon" from the dropdown. A modal window will appear for confirmation. Upon confirming, a new active token with the same scope, rate limits, and name will appear at the top of the list.
If you prefer a more targeted approach, you can choose to regenerate tokens individually or do so in bulk. Locate the tokens with the "expiring soon" status and check their corresponding checkboxes. Then, navigate to the top of the table, where you'll find a "Regenerate" button. Clicking this will give you a modal window to confirm the action. Once done, new active tokens will populate at the top of your list, maintaining their original scope, rate limits, and names.
Once tokens are regenerated, use our copy feature to copy the new token key(s). Replace the old token key with the new one in your application's codebase. After deploying these changes, take a moment to verify that occurrences from your project are still funneling into our system by checking the item list in your project.
Once you have generated a new token and confirmed it's functioning as expected, you can proceed to expire or delete the old "expiring soon" token. To do this, simply find and select the token in question, navigate to the top of the table, and choose the appropriate action. Note that expiring a token will disable it permanently, but it will remain in your project's settings for record-keeping. On the other hand, deleting a token will disable and remove it from the system entirely.
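Before expiring or deleting an old token, it helps to confirm that no file still references it and that every regenerated key from the downloaded CSV has actually been deployed. The script below is an added example, not part of our product or tooling; the CSV column names, the `audit` helper, and the sample keys are assumptions constructed for illustration.

```python
import csv, io, os, tempfile

# Column names are assumptions; match them to the header row of your export.
COLS = ("project_id", "project_name", "token_name", "access_token")

def mask(token):
    """Show only the last 4 characters so reports never leak a full key."""
    return "*" * max(len(token) - 4, 0) + token[-4:]

def load_new_tokens(csv_text):
    """Return {(project_id, token_name): new_key} from the CSV export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {(r[COLS[0]], r[COLS[2]]): r[COLS[3]].strip() for r in rows}

def scan_tree(root, needles):
    """Yield (path, line_no, needle) for each needle found under root."""
    needles = [n for n in needles if n]  # an empty string would match every line
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for no, line in enumerate(fh, 1):
                        yield from ((path, no, n) for n in needles if n in line)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit

def audit(root, csv_text, retired):
    """Report retired keys still referenced and new keys not yet deployed."""
    new = load_new_tokens(csv_text)
    hits = list(scan_tree(root, set(retired) | set(new.values())))
    stale = sorted((os.path.relpath(p, root), no, mask(n))
                   for p, no, n in hits if n in retired)
    missing = sorted(k for k, tok in new.items() if tok not in {h[2] for h in hits})
    return {"stale": stale, "undeployed": missing}

def demo():
    # Constructed sample data: fake keys, fake project, temporary directory.
    csv_text = ("project_id,project_name,token_name,access_token\n"
                "101,web,post_server_item,NEWKEY-aaaa1111\n"
                "101,web,read,NEWKEY-bbbb2222\n")
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "settings.env"), "w") as fh:
            fh.write("ERR_TOKEN=OLDKEY-cccc3333\nREAD_TOKEN=NEWKEY-bbbb2222\n")
        return audit(root, csv_text, ["OLDKEY-cccc3333"])

if __name__ == "__main__":
    print(demo())
```

An empty `stale` list means no retired key is still referenced; an empty `undeployed` list means every regenerated key was found somewhere under the scanned directory. Delete the CSV once its keys are in place, since it contains live credentials.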
We hope this guide proves helpful to you. We've included a video guide below for those who prefer a visual walkthrough. Our support team is always available to assist you if you have any further questions or encounter any issues.