Long-term access token in API Management REST API

Question

I use API Management REST API to create and manage users, and I have to regenerate the access token every 30 days. It's a bit of a hassle to update my web applications every month.

Is there a better way?

I know I can do it programmatically, too, but I am not sure it's a healthy practice to do it every time.

Answer 1

Whatever you do via APIM SAS token you can do via ARM. With ARM you can create service identity and use it to manage your resources: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal?view=azure-cli-latest

Answer 2

There's a lot of approaches to handle the access token.

To be simplest, you can put the token to a cache system, and set the expire time (like using SETEX in Redis), which is 30 days after in your case. So after 30 days, your access token will be removed automatically by the cache system.

When you need access token but you found it is missing, it means that the access token has expired or you never generated the access token. Whatever, you can generate the access token in your program and put it to the cache system. After that, in next 30 days, you can always use that access token.

In addition, due to time differences between your machine and the servers, it's recommended that set the expire time in your cache system a little bit before the real expire time. So in your case, you can set the expire time with 29 days in your cache system, which guarantee the access token is absolutely valid in remote server.