Login
      Contents x
      Create Token Set
        • Print
        • PDF
        Contents

        Create Token Set

          • Print
          • PDF
          Article summary

          Available in Classic and VPC

          Create a token set (access token and refresh token). To create a token, you must have a token generator set up.

          Caution
          • The token possesses all the permissions of the key held by the user who requested its creation.
          • Token generators do not manage the tokens they generate, so they can't be destroyed individually. Therefore, it is crucial to take extra precautions to prevent token leakage.

          Request

          This section describes the request format. The method and URI are as follows:

          MethodURI
          POST/keys/{keyTag}/token-set

          Request headers

          For information about the headers common to all Key Management Service APIs, see the account authentication method in Key Management Service request headers.

          Request path parameters

          You can use the following path parameters with your request:

          FieldTypeRequiredDescription
          keyTagStringRequiredKey tag
          • Unique identifier for the key derived from the key name
          • Check through Get key list
          • Use to request encryption or decryption with REST APIs
          • Key tags are not treated as confidential information

          Request body

          You can include the following data in the body of your request:

          FieldTypeRequiredDescription
          accessTokenHoursInteger or StringOptionalAccess token validity time (hour)
          • 1-17520 (default: 72)
          • UL: Enter for unlimited
          refreshTokenHoursInteger or StringOptionalRefresh token validity time (hour)
          • 1-17520 (default: 2160)
          • UL: Enter for unlimited

          Request example

          The request example is as follows:

          curl --location --request POST 'https://ocapi.ncloud.com/kms/v1/keys/a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6/token-set' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
  "accessTokenHours": 72,
  "refreshTokenHours": 2160
}'

          Response

          This section describes the response format.

          Response body

          The response body includes the following data:

          FieldTypeRequiredDescription
          codeString-Success or Failure
          dataObject-Response result
          data.refreshTokenString-The Jason Web Token (JWT) type refresh token created
          data.accessTokenString-The Jason Web Token (JWT) type access token created

          Response status codes

          For response status codes common to all Key Management Service APIs, see Key Management Service response status codes.

          Response example

          The response example is as follows:

          {
  "code": "SUCCESS",
  "data": {
    "refreshToken": "{JWT_REFRESH_TOKEN}",
    "accessToken": "{JWT_ACCESS_TOKEN}"
  }
}
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout