Alert Workflow for Token Expiration

I want to build an alert workflow that will remind and inform our users of when their user tokens that they’ve initiated in Settings → Tokens → Create New Token.

Is there an API endpoint or similar process I can leverage that will return to me a list of User IDs and the expiration date of the tokens they’ve initiated?

We would then incorporate this into our Ontology and build an alerting workflow so anything powered by user tokens (or service user tokens) has an alert generated of upcoming expiration.


Hey - have you been able to find a solution to this problem?

I am facing a similar problem, where we are using a token that has a 6-month expiration date and is used in a webhook. But once the token expires, the webhook fails silently and we do not have a way to be alerted once either the token expires or the webhook fails.

Curious to know if anyone has found a solution to this problem?

Looking at an audit log v2 dataset in my Foundry environment, I see the CREATE_TOKEN and REVOKE_TOKEN event types, which together should provide all of the information you need to retrieve the list of currently active user API tokens and their expiration dates (expiration date can be computed by adding the tokenTtl seconds from the request_params column to the time column’s timestamp value). See below for examples of each event type’s request_params.

CREATE_TOKEN

{"_sourceOrigin":"REDACTED","_auditEventId":"037b049e-25b4-4230-bc24-564e767b38ae","_forwardedOrigins":["REDACTED"],"_auditLogEntryId":"4d73354f-9020-446d-94f8-d2b86cf0fb0c","_category":{"type":"tokenGeneration","tokenGeneration":{"tokenId":"b9b8aadb-7292-441f-ae02-ca8333849799","tokenTtl":1407975,"tokenType":"API_TOKEN"}},"_userAgent":"REDACTED"}

REVOKE_TOKEN

{"_sourceOrigin":"REDACTED","_auditEventId":"82dd6b7b-e030-412f-9339-76d40494b0ef","_forwardedOrigins":["REDACTED"],"_auditLogEntryId":"0cdf0019-d980-4df8-92b0-0858fc90e1fc","_category":{"type":"managementTokens","managementTokens":{"tokenId":"b9b8aadb-7292-441f-ae02-ca8333849799","tokenTtl":0,"tokenType":"API_TOKEN"}},"_userAgent":"REDACTED"}

However, as discussed in the Palantir documentation, user API tokens are intended to exclusively be used for testing, not for production applications. In light of that guidance, I strongly suggest that you migrate to using one of the recommended authentication methods for production applications rather than actually implementing an alerting workflow on top of the abovementioned audit log data (or any other mechanism that may exist for retrieving the list of currently active user API tokens).
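The computation described in the answer above, as an added example that is not part of the original posts or Palantir's own code: it replays CREATE_TOKEN and REVOKE_TOKEN rows and returns the tokens that are still active and expire within a warning window. Assumptions: each audit row is a dict with `time` already parsed to a timezone-aware datetime, and the event-type and user columns are called `name` and `uid` (those two column names are not given in the thread). The rows are constructed sample data.

```python
import json
from datetime import datetime, timedelta, timezone

def token_fields(request_params):
    """Return the tokenId/tokenTtl/tokenType object nested under _category."""
    category = json.loads(request_params)["_category"]
    return category[category["type"]]

def expiring_tokens(rows, now, warn_within=timedelta(days=14)):
    """Replay token events in time order; return active tokens expiring soon."""
    active = {}
    for row in sorted(rows, key=lambda r: r["time"]):
        tok = token_fields(row["request_params"])
        if row["name"] == "CREATE_TOKEN":
            active[tok["tokenId"]] = {
                "uid": row["uid"],  # assumed user-id column
                "token_id": tok["tokenId"],
                # expiration = event time + tokenTtl seconds
                "expires": row["time"] + timedelta(seconds=tok["tokenTtl"]),
            }
        elif row["name"] == "REVOKE_TOKEN":
            active.pop(tok["tokenId"], None)  # revoked tokens need no alert
    soon = [t for t in active.values() if now < t["expires"] <= now + warn_within]
    return sorted(soon, key=lambda t: t["expires"])

def sample_row(day, name, uid, token_id, ttl):
    """Build one constructed audit row in the shape of the events shown above."""
    kind = "tokenGeneration" if name == "CREATE_TOKEN" else "managementTokens"
    body = {"tokenId": token_id, "tokenTtl": ttl, "tokenType": "API_TOKEN"}
    params = json.dumps({"_category": {"type": kind, kind: body}})
    when = datetime(2024, 1, day, tzinfo=timezone.utc)
    return {"time": when, "name": name, "uid": uid, "request_params": params}

# Constructed sample data (not real audit logs).
SAMPLE_ROWS = [
    sample_row(1, "CREATE_TOKEN", "user-a", "tok-a", 1407975),
    sample_row(2, "CREATE_TOKEN", "user-b", "tok-b", 1407975),
    sample_row(3, "CREATE_TOKEN", "user-c", "tok-c", 15552000),
    sample_row(5, "REVOKE_TOKEN", "user-b", "tok-b", 0),
]
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    for t in expiring_tokens(SAMPLE_ROWS, NOW):
        print(t["uid"], t["token_id"], t["expires"].isoformat())
```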