API tokens: temporary vs. never-expiring [Tip #44 Carolina from Support]

Hey y’all! Carolina from support here again!!

If your API calls suddenly stop working, there’s a good chance your token expired. In TagoIO, tokens authenticate your apps and devices, and they can be temporary or never expire. Let’s break down the difference.

What’s a Profile Token anyway?
It’s the credential your external apps use to call the TagoIO API to manage devices, dashboards, files, Analysis, and more. Treat it like a password: keep it secret and scoped to the bare minimum.

Token types by lifespan:

Temporary (default)
Auto-generated tokens (like those created on login) expire in 3 months and are deleted after expiration or manual logout.

  • Pros: Reduced exposure window if leaked; rotate automatically with login cycles.

  • Cons: They expire — your integration must handle renewal to prevent downtime.

  • Best for: Development, testing, short-lived automations.

Never-expiring
You can create a Profile Token with no expiration date (infinite lifespan).

  • Pros: Zero surprise expirations; reliable for headless production services.

  • Cons: Higher risk if compromised — the token stays valid forever until you manually revoke it.

  • Best for: Stable production integrations where you control the environment.

Important to keep in mind:

  • Temporary = safer but needs renewal.

  • Never-expiring = convenient but requires strict security discipline.

In the next post, I’ll cover when to use (and when NOT to use) never-expiring tokens, plus best practices to keep them safe. Stay tuned!

Cheers,
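An added example, not part of the original post and not TagoIO's own code: a small audit over a token inventory that flags temporary tokens approaching expiry and never-expiring tokens that have gone too long without rotation. The inventory records, the 90-day approximation of "3 months", the 14-day renewal window and the 365-day rotation age are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumptions (only the "3 months" figure comes from the post):
TEMP_LIFETIME = timedelta(days=90)    # "3 months" approximated as 90 days
RENEW_WINDOW = timedelta(days=14)     # hypothetical lead time for renewal
MAX_STATIC_AGE = timedelta(days=365)  # hypothetical local rotation policy

# Constructed sample inventory: names and dates are invented, and no token
# values are stored here, only metadata about each token.
INVENTORY = [
    {"name": "dev-dashboard-sync", "created": date(2025, 3, 1), "never_expires": False},
    {"name": "ci-test-runner", "created": date(2025, 1, 10), "never_expires": False},
    {"name": "old-script", "created": date(2024, 12, 1), "never_expires": False},
    {"name": "prod-ingest-service", "created": date(2023, 11, 15), "never_expires": True},
    {"name": "prod-reporting", "created": date(2024, 10, 1), "never_expires": True},
]


def classify(token, today):
    """Return (status, detail) for one inventory record."""
    age = today - token["created"]
    if token["never_expires"]:
        # A never-expiring token stays valid until manually revoked,
        # so the only control is an age-based rotation reminder.
        if age > MAX_STATIC_AGE:
            return "ROTATE", f"valid for {age.days} days with no expiry; revoke and reissue"
        return "OK", f"no expiry; rotate within {(MAX_STATIC_AGE - age).days} days"
    remaining = TEMP_LIFETIME - age
    if remaining <= timedelta(0):
        return "EXPIRED", f"expired about {-remaining.days} days ago"
    if remaining <= RENEW_WINDOW:
        return "RENEW", f"expires in about {remaining.days} days"
    return "OK", f"expires in about {remaining.days} days"


def audit(tokens, today):
    """Map each token name to its (status, detail) as of `today`."""
    return {t["name"]: classify(t, today) for t in tokens}


if __name__ == "__main__":
    for name, (status, detail) in audit(INVENTORY, date(2025, 4, 1)).items():
        print(f"{status:8} {name:22} {detail}")
```

Run on a schedule, a check like this surfaces the RENEW and ROTATE cases before an integration fails or a long-lived credential is forgotten.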