CrowdSec LAPI tokens

We’re trying to find a solution with CrowdSec’s Swagger API, and I would like to know what happens to a token generated via ‘POST’ watchers/login after we generate a new session with the same ‘POST’ method. Does it expire once we generate a new token, or does it stay active until its expiration date? Also, can we modify its expiration time period?

When I try to use the ‘GET’ method for decisions, I keep getting the following response:

{"message":"access forbidden"}

How do you authenticate bouncers via the API? It seems like it doesn’t accept the watchers/login generated token.

Thank you.

The swagger documentation is split between JWT-based auth (watchers) and X-Api-Key header auth (bouncers). Bouncers only have access to read data from the decision routes; they can be generated through (cscli bouncers add mybouncer). JWT auth is read/write access. The JWT token does not expire if a new one is generated, as we do not know from the context if a client is reusing credentials. ATM there is no option to modify the expiration date.

For bouncers you must only use the X-Api-Key token to access those routes. Routes cannot be accessed by either; they are scoped to what they can access via the swagger docs.

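The scoping described in the answer above, as an added example that is not part of the thread or of CrowdSec's code: a local stand-in server reproduces the 403 from the question when a watcher JWT is sent to the decisions route, and the 200 when the `X-Api-Key` header is used instead. The stub, its credentials, the empty decision list and the `/v1` route prefix are assumptions of this example.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials for the local stand-in; not real CrowdSec values.
BOUNCER_KEY, WATCHER_JWT = "example-bouncer-key", "example.jwt.token"

class StubLAPI(BaseHTTPRequestHandler):
    """Stand-in that mimics only the auth scoping described in the thread."""
    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):  # watcher login hands back a JWT (credentials not checked here)
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.path == "/v1/watchers/login"
        self._send(200 if ok else 404, {"token": WATCHER_JWT} if ok else {"message": "not found"})

    def do_GET(self):  # decision routes accept only the bouncer's X-Api-Key header
        ok = self.path.startswith("/v1/decisions") and self.headers.get("X-Api-Key") == BOUNCER_KEY
        self._send(200 if ok else 403, [] if ok else {"message": "access forbidden"})

    def log_message(self, *args):  # silence per-request logging
        pass

def call(port, method, path, headers=None, body=None):
    """Send one request to the stub and return (status, parsed JSON body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        payload = json.dumps(body) if body is not None else None
        conn.request(method, path, body=payload, headers=headers or {})
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read())
    finally:
        conn.close()

def demo():
    """Query decisions first with the watcher JWT, then with the bouncer key."""
    server = HTTPServer(("127.0.0.1", 0), StubLAPI)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_port
        _, login = call(port, "POST", "/v1/watchers/login", body={"machine_id": "m", "password": "p"})
        with_jwt = call(port, "GET", "/v1/decisions", {"Authorization": "Bearer " + login["token"]})
        with_key = call(port, "GET", "/v1/decisions", {"X-Api-Key": BOUNCER_KEY})
        return with_jwt, with_key
    finally:
        server.shutdown()
        server.server_close()
```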

Thank you for the good explanation and quick response.

:raised_hands: