Hi Robert,
Just wanted to give a little clarification on the token. You are absolutely correct in that the token is only visible during creation. If you look at the audit log, what you actually see is a UUID that references the token, not the actual token. So the token is always 100% secure and the UUID is available to track the token in the regular audit log for 6 months and over a year with premium analytics. They definitely look very similar.
Hope that helps
------------------------------
Fred Glauser
------------------------------
Original Message:
Sent: 06-20-2025 06:31
From: Robert den Ouden
Subject: Mist tokens
I noticed when creating a api token, this token is only visible during creation of the token. Security-wise this is very responsible behavior.
When you have elevated user rights you are able to audit logs. The audit logs clearly state the api-token and is visible for 6 months.
To increase security I want the api token in the audit log visible for 7 days ( for trouble shooting purposes ). And after 7 days the api token should be partially visible. If you agree please vote on idea : https://ideas.mist.com/forums/912934-product-features/suggestions/50055468-token-exposure
------------------------------
Robert den Ouden
------------------------------