Obtain authentication tokens

The authentication tokens include two types: an access token and a refresh token.

  • Access token: The access token is a short-lived token (five minutes) used for accessing the WEKA system API and to allow the mounting of secure filesystems.

  • Refresh token: The refresh token is a long-lived token for obtaining an additional access token.


Do one of the following:

  • To obtain the refresh token and access token, through the CLI, log in to the system using the command: weka user login.

    The system creates an authentication token file and saves it in: ~/.weka/auth-token.json. The token file contains both the access token and refresh token.

  • To obtain the refresh token and access token, through the REST API, use the POST /login. The API returns the token in the response body.

Manage long-lived tokens for REST API usage

When working with the REST API, local users may use a long-lived token (a token that doesn't require a refresh every 5 minutes).

As a local user, you can generate a long-lived token using the GUI or the CLI.

Generate a long-live access token using the GUI


  1. From the signed-in user menu, select API Token.

  2. In the Manage API Token dialog, select Generate token and set the expiration time. Then, select Generate.

If you want to revoke all existing login tokens of the local user and refresh them, select Revoke Tokens.

3. Copy the generated token and paste it to the REST API authorization dialog.

The following demonstrates how to generate the API token and authorize it in the REST API.

Generate a long-lived access token using the CLI

Command: weka user generate-token [--access-token-timeout timeout]

The default timeout is 30 days.

To revoke the access and refresh tokens, use the CLI command: weka user revoke-tokens.

Last updated