Configurable Web Authentication Token Time-to-Live

Version 33.6.1 adds the ability to configure the time-to-live (TTL) for web authentication tokens, enabling shorter token lifetimes for automated tools and enhanced security.

Enhancement: The web interface supports two authentication mechanisms: basic authentication and token-based authentication. Previously, authentication tokens were issued with a fixed 1-day (86,400 seconds) validity period. You can now configure a custom default TTL between 1 minute and 24 hours to accommodate short-lived automation workflows such as Ansible modules while maintaining security best practices.

Key Capabilities:

Configurable default token TTL from 60 to 86400 seconds
API requests can override the default TTL by specifying a TTL property in the request
Configuration persists across reboots
Suitable for integration with automation tools requiring short-lived tokens
Displayed in show switch management output

Token Authentication Workflow

Authentication tokens are generated via API calls to the /auth/token endpoint and used in subsequent requests via the x-auth-token header. The configured default TTL applies when the API request does not specify a TTL property.

Example token generation request:

curl --request POST \
  --url http://<switch-ip>/auth/token \
  --header 'content-type: application/json' \
  --data '{
  "username": "admin",
  "password": ""
}'

Example response:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "ttl": 60
}

New CLI Command

Configure default token TTL:

configure web authentication token default-ttl seconds

Where seconds specifies the validity time in seconds (60-86,400, default 86,400).

Supported Platforms

All platforms.