Revoking Tokens

Access Tokens are shared secrets between the account user and Beebotte. They grant their holder access to Beebotte API. The user is responsible for keeping them safe.

In order to revoke access granted to a token, the user can:

Channel Token Regeneration

A Channel Token can be regenerated using the Web Console by selecting Create new token from the channel settings drop down.

Beebotte API gives the possibility to regenerate Channel Token programmatically. Channel Token authentication provides read and write access to only one channel: the one the token is associated with. If you think the token was compromised, you can simply regenerate a new token for the corresponding channel. This can be done as follows:

Channel Token Regeneration operation require authentication using the account API and Secret Keys or using an IAM Token with admin:channel:write access.

Regenerating a new channel token will invalidate the old token. Any connection using that old token will be dropped. Don't forget to update your application or connected devices with the new token following the regeneration.

bclient.regenerateChannelToken('channel1', function(err, channel) {
    if(err) console.log(err);
    // On success channel.token is the new generated token
    console.log(channel.token);
});
channel = bclient.regenerateChannelToken('channel1')
## channel.token is the new generated token
print channel.token
// This operation is not available yet!
// This operation is not available yet!

Revoke IAM Token

IAM Tokens can be managed from the Access Management tab in the Account Settings page. A token can be revoked simply by clicking on revoke button in IAM tokens list.

Beebotte API gives the possibility to revoke IAM Tokens programmatically. IAM Tokens provides custom access to Beebotte. If you think the token was compromised, you can simply revoke it. This can be done as follows:

Revoking an IAM Token requires authentication using the account API and Secret Keys or using an IAM Token with admin:iam:write access.

Revoking an IAM Token will delete it completely from the user account. Any connection using the revoked Token will be dropped.

bclient.deleteIAMToken('tokenid', function(err, tkn) {
    if(err) console.log(err);
    // On success the token will be deleted
});
# This operation is not available yet!
// This operation is not available yet!
// This operation is not available yet!