Docs Puppet Enterprise Managing access RBAC API RBAC API v1 Token endpoints Token keys

Token keys

Sections

The following keys are used with the token endpoint.


Key	Explanation
`login`	The user's login for the PE console (required).
`password`	The user's password for the PE console (required).
`lifetime`	The length of time the token is active before expiration (optional).
`description`	Additional metadata about the requested token (optional).
`client`	Additional metadata about the client making the token request (optional).
`label`	A user-defined label for the token (optional).

The lifetime key

When setting a token's lifetime, specify a numeric value followed by y (years), d (days), h (hours), m (minutes), or s (seconds). For example, a value of 12h is 12 hours. Do not add a space between the numeric value and the unit of measurement. If you do not specify a unit, it is assumed to be seconds. If you do not want the token to expire, set the lifetime to 0. Setting it to zero gives the token a lifetime of approximately 10 years.

Tip: The default lifetime for all tokens is also configurable. See Change the token's default lifetime for configuration instructions.

The label key

You can choose to select a label for the token that can be used with other RBAC token endpoints. Labels:

Must be no longer than 200 characters.
Must not contain commas.
Must contain something other than whitespace. (Whitespace is trimmed from the beginning and end of the label, though it is allowed elsewhere.)
Must not be the same as a label for another token for the same user.

Token labels are assigned on a per-user basis: two users can each have a token labelled my token, but a single user cannot have two tokens both labelled my token. You cannot use labels to refer to other users' tokens.