Generating Tokens

Overview

For a device to be able to interact with a Signal K server with security enabled, it is require to pass an access token with each request.

Examples include display / gauge, temperature sensor or client with no user interface.

To get an access token the following methods can be used:

  1. The device can submit an Access Request which needs to be actioned via the Signal K Server UI.
  2. Generate a token against a user account that has been configured on the Signal K Server.

Generate Token

To generate a token against a user account that has been configured on the Signal K Server use the signalk-generate-token utility.

The signalk-generate-token utility is run from a terminal session on the Signal K Server and accepts the following parameters:

  • -u <username>: The user account against which the token is created.
  • -e <time to live>: The duration of time for which the token is valid.
    • 1y = 1 year
    • 2h = 2 hours
    • 10m = 10 minutes
    • 5s = 5 seconds
  • -s <path to security.json>: The path to the Siganl K Server's security.json file (e.g. ~/.signalk/security.json)

Example: Generate a token against the user "TempSensorDevice" that is valid for 1 year.

signalk-generate-token -u TempSensorDevice -e 1y -s ~/.signalk/security.json

Note: The device using the token will have the same permissions as the user account the token was generated against. It is recommended that you create a specific user with the appropriate permissions for use with the device.

Access Requests

For information regarding Access Requests, see the Signal K specification.