    SmartAPI Forum
    Changes in JWT Token Validity

    • M
      Moderator_1 last edited by

      Dear SmartAPI Users,

      We have made some changes with respect to the validity of the JWT token received after login. A fresh token is valid for 24-28 hours, instead of the previous time of 5 AM in the morning.
      To check the validity and expiry time of your token, you can write a simple script in any programming language to decode it. We are sharing a sample for Python here:

      import base64
      import json
      from datetime import datetime, timedelta, timezone

      def extract_inner_token_payload(outer_token):
          # Note: this only decodes the payload; it does not verify the token's signature
          try:
              parts = outer_token.split('.')
              if len(parts) == 3:
                  inner_token = parts[1]
                  # Adding padding to make the inner token length a multiple of 4
                  padded_inner_token = inner_token + '=' * (-len(inner_token) % 4)
                  # Decoding the inner token's payload manually
                  decoded_payload = base64.urlsafe_b64decode(padded_inner_token.encode()).decode()
                  return decoded_payload
              else:
                  return {'error': 'Invalid token format'}
          except Exception as e:
              return {'error': f'Error: {str(e)}'}

      # Replace 'your_actual_JWT_token_here' with your actual JWT token
      your_outer_jwt_token = 'your_actual_JWT_token_here'

      decoded_payload = extract_inner_token_payload(your_outer_jwt_token)
      # On failure the function returns a dict; on success it returns the JSON text.
      # Checking the type avoids a substring match on payloads that contain "error".
      if isinstance(decoded_payload, dict):
          print(decoded_payload['error'])
      else:
          print("Inner Token Payload:")
          print(decoded_payload)

          try:
              # Parse JSON payload
              parsed_payload = json.loads(decoded_payload)

              # Access and print the expiry time in GMT+5:30
              if 'exp' in parsed_payload:
                  expiry_timestamp = parsed_payload['exp']
                  print("\nExpiry Timestamp (UTC):", expiry_timestamp)

                  # Convert UTC to IST (GMT+5:30) using timezone-aware datetimes
                  expiry_datetime_utc = datetime.fromtimestamp(expiry_timestamp, tz=timezone.utc)
                  ist_offset = timedelta(hours=5, minutes=30)  # IST is UTC+5:30
                  expiry_datetime_ist = expiry_datetime_utc.astimezone(timezone(ist_offset))

                  print("Expiry Datetime (GMT+5:30):", expiry_datetime_ist.strftime('%Y-%m-%d %H:%M:%S'))
              else:
                  print("Expiry time not found in token payload.")
          except json.JSONDecodeError:
              print("Invalid JSON format in the decoded payload.")

      Otherwise, you can go to online tools like https://jwt.io/ and paste your JWT token there and decode.

      As a best practice, you should log out at the end of the day after your trading activity.

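Added example, not part of the original post and not SmartAPI's own code: a pre-session check that reads the `exp` claim as described above and reports whether a fresh login is needed before the token lapses. The function names, the 15-minute margin and the sample token are assumptions constructed for illustration; the payload is decoded without signature verification, so the result is only informational.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30))  # same offset the post uses


def decode_claims(token):
    """Decode the JWT payload segment WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def needs_relogin(token, now=None, margin=timedelta(minutes=15)):
    """Return (relogin_required, expiry_in_IST_or_None)."""
    now = now or datetime.now(timezone.utc)
    exp = decode_claims(token).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True, None  # no usable expiry: treat the session as stale
    expiry = datetime.fromtimestamp(exp, tz=timezone.utc)
    return now + margin >= expiry, expiry.astimezone(IST)


def make_sample_token(claims):
    """Build a constructed token for the demo (fake signature, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS512', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 3, 30, tzinfo=timezone.utc)  # constructed: 09:00 IST
    exp = int((issued + timedelta(hours=24)).timestamp())
    token = make_sample_token({"iat": int(issued.timestamp()), "exp": exp})
    for hours in (1, 23.9, 25):
        stale, expiry = needs_relogin(token, now=issued + timedelta(hours=hours))
        print(f"+{hours}h relogin={stale} expires={expiry:%Y-%m-%d %H:%M:%S} IST")
```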
      • S
        sarika78 last edited by

        Extending the validity period of a JWT token beyond what is advised might increase the risk of security breaches by creating a larger opening for possible attacks such as replay or token theft. Following recommended best practices for token lifetimes is essential to keeping a strong security posture.👓
