
Sessions & API Tokens

Users can generate tokens to make API requests on behalf of themselves.

Short-Lived Tokens (Sessions)

The Coder CLI and Backstage Plugin use short-lived tokens to authenticate. To generate a short-lived session token on behalf of your account, visit the following URL: https://coder.example.com/cli-auth

Session Durations

By default, sessions last 24 hours and are automatically refreshed. Set CODER_SESSION_DURATION to change the duration, and CODER_DISABLE_SESSION_EXPIRY_REFRESH to control the automatic refresh.

Long-Lived Tokens (API Tokens)

Users can create long-lived tokens. We refer to these as "API tokens" in the product.

Generate a long-lived API token on behalf of yourself

Open your account settings from the top right of the dashboard, or navigate to https://coder.example.com/settings/account

Navigate to the tokens page in the sidebar and create a new token.

Generate a long-lived API token on behalf of another user

You must have the Owner role to generate a token for another user.

In Coder v2.17 and later, you can use the CLI or API to create long-lived tokens on behalf of other users. Use the API for earlier versions of Coder.

coder tokens create my-token --user <username>

See the full CLI reference for coder tokens create.

Set max token length

You can use the CODER_MAX_TOKEN_LIFETIME server flag to set the maximum duration for long-lived tokens in your deployment.
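
The following is an added example, not part of the Coder documentation or code base: it audits an exported list of API tokens against the lifetime you intend to enforce with CODER_MAX_TOKEN_LIFETIME and flags tokens that are expired, too long-lived, or unused. The sample data is constructed, and the field names (token_name, created_at, expires_at, last_used) and the helper names are assumptions about the export shape.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a token listing. The field names (token_name,
# created_at, expires_at, last_used) are assumptions about the export shape.
SAMPLE_TOKENS = json.loads("""
[
  {"token_name": "ci-deploy",  "created_at": "2025-01-01T00:00:00Z",
   "expires_at": "2025-01-31T00:00:00Z", "last_used": "2025-01-09T12:00:00Z"},
  {"token_name": "old-script", "created_at": "2024-06-01T00:00:00Z",
   "expires_at": "2026-06-01T00:00:00Z", "last_used": "2024-06-02T08:00:00Z"},
  {"token_name": "backstage",  "created_at": "2025-01-05T00:00:00Z",
   "expires_at": "2025-04-05T00:00:00Z", "last_used": "2025-01-10T00:00:00Z"}
]
""")

def parse_ts(value):
    # Accept RFC 3339 timestamps with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_tokens(tokens, max_lifetime, stale_after, now):
    """Return {token_name: [findings]} for tokens that break the policy."""
    findings = {}
    for tok in tokens:
        issues = []
        created, expires = parse_ts(tok["created_at"]), parse_ts(tok["expires_at"])
        if expires <= now:
            issues.append("expired")
        elif expires - created > max_lifetime:
            issues.append("lifetime exceeds policy")
        if now - parse_ts(tok["last_used"]) > stale_after:
            issues.append("unused beyond stale threshold")
        if issues:
            findings[tok["token_name"]] = issues
    return findings

if __name__ == "__main__":
    now = datetime(2025, 1, 10, tzinfo=timezone.utc)  # fixed for a repeatable run
    report = audit_tokens(SAMPLE_TOKENS, timedelta(days=30), timedelta(days=90), now)
    for name, issues in report.items():
        print(f"{name}: {', '.join(issues)}")
```

Tokens flagged here are candidates for revocation and re-issue with a shorter lifetime.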