Admin Tokens - social.plus

Generate

Create new token (1 year)

Rotate

Invalidate & replace

Revoke

Immediate invalidation

Audit

Track usage & age

Least Privilege

Limit who can issue

Compliance

Meet rotation policies

Token Basics

Aspect	Value
Default Expiry	1 year (newly generated)
Visibility	Shown once at creation dialog
Scope	Console administrative API operations
Not Available For	Super Admin accounts

Aspect

Value

Default Expiry

1 year (newly generated)

Visibility

Shown once at creation dialog

Scope

Console administrative API operations

Not Available For

Super Admin accounts

Copy token immediately; it cannot be retrieved later—only regenerated.

Generate Token

Rotation Strategy

Planned Rotation

Generate replacement token → update dependent services → revoke old (grace window ≤24h).

Unplanned Rotation

Suspected leak → immediate revoke → generate new → notify stakeholders.

Inventory Tracking

Maintain registry: owner, creation date, last used timestamp.

Automation Use

Prefer service-specific tokens rather than sharing a personal admin’s token.

Revoke Token

Errors when revoking: non-admin attempts or unknown username.

Metrics

Metric	Description	Threshold
Active Tokens	Count of valid admin tokens	Unexpected growth → audit issuance
Avg Token Age (days)	Mean age since creation	> 300 → schedule rotations
Orphan Tokens	Tokens with no recent usage (≥30d)	>0 → revoke
Compromise Incidents	Confirmed leaks	Any >0 → tighten issuance policy

Metric

Description

Threshold

Active Tokens

Count of valid admin tokens

Unexpected growth → audit issuance

Avg Token Age (days)

Mean age since creation

> 300 → schedule rotations

Orphan Tokens

Tokens with no recent usage (≥30d)

>0 → revoke

Compromise Incidents

Confirmed leaks

Any >0 → tighten issuance policy

Troubleshooting

Issue	Likely Cause	Fix
Cannot generate	Super Admin account	Use general admin account
Token lost	Not stored at creation	Generate new token; revoke old if still active
Script failing after rotation	Not updated credential	Update secret store & redeploy
Revocation error	Username mismatch	Verify exact admin username

Issue

Likely Cause

Fix

Cannot generate

Super Admin account

Use general admin account

Token lost

Not stored at creation

Generate new token; revoke old if still active

Script failing after rotation

Not updated credential

Update secret store & redeploy

Revocation error

Username mismatch

Verify exact admin username

Security

Secure Mode & mTLS

Admin Access

Permission governance

Documentation Index

Generate

Rotate

Revoke

Audit

Least Privilege

Compliance

​Token Basics

​Generate Token

​Rotation Strategy

​Revoke Token

​Metrics

​Troubleshooting

​Related

Security

Admin Access

Token Basics

Generate Token

Rotation Strategy

Revoke Token

Metrics

Troubleshooting

Related