Home
Install
User Guides
Administration
Setup
Infrastructure
Users
OIDC Authentication
GitHub Authentication
Password Authentication
Headless Authentication
Groups & Roles
IDP Sync
Organizations
Quotas
Sessions & API Tokens
Templates
External Provisioners
External Auth
Integrations
Networking
Monitoring
Security
Licensing
Contributing
Tutorials
Reference
Home
/
Administration
/
Users
/
Sessions & API Tokens

Sessions & API Tokens

Users can generate tokens to make API requests on behalf of themselves.

Short-Lived Tokens (Sessions)

The Coder CLI and Backstage Plugin use short-lived token to authenticate. To generate a short-lived session token on behalf of your account, visit the following URL: https://coder.example.com/cli-auth

Session Durations

By default, sessions last 24 hours and are automatically refreshed. You can configure CODER_SESSION_DURATION to change the duration and CODER_DISABLE_SESSION_EXPIRY_REFRESH to configure this behavior.

Long-Lived Tokens (API Tokens)

Users can create long lived tokens. We refer to these as "API tokens" in the product.

Generate a long-lived API token on behalf of yourself

Generate a long-lived API token on behalf of another user

Today, you must use the REST API to generate a token on behalf of another user. You must have the Owner role to do this. Use our API reference for more information: Create token API key

Set max token length

You can use the CODER_MAX_TOKEN_LIFETIME server flag to set the maximum duration for long-lived tokens in your deployment.

See an opportunity to improve our docs? Make an edit.
On this page