Token lifecycle and revocation¶

On token creation¶

• The system displays a bearer token once. Copy it immediately for use.
• The token remains active until it expires or you revoke it.

Revoke action¶

When you select the Revoke button:

• The token becomes invalid.
• The input fields reset, allowing you to set a new expiration date and generate a new token.

Automatic revocation conditions¶

Token-based access ends if:

• The token expires.
• Export API access is disabled at the tenant level.
• The user is deleted or removed from a role with Export API permissions.

Best practices¶

• Always check your token’s status before use. Expired or revoked tokens return 403 Forbidden errors.
• Keep tokens private and rotate them periodically for security.