Mobb Broker Token Rotation
Background
The purpose of the Mobb broker token is to encrypt the tunnel established between your on-premise SCM (GitLab, GitHub or ADO) and the Mobb platform. It acts as an authentication token to secure the communication and ensure only authorized connections can be established through the broker.
By default, the broker token automatically expires after 3 months (92 days) after creation. This policy ensures the security of the tunnel by regularly renewing authentication, reducing the risk of long-term token exposure or misuse.
These capabilities are currently only available via the following APIs. They will be added to the Mobb UI very soon.
Reference APIs to Perform Token Rotation
URL and Authentication
The following data should be set in every call to the API:
URL
All API calls should go the following URL: https://api.mobb.ai/v1/graphql
For single tenant users, your URL should be:
https://api-st-<YOUR_SINGLE_TENANT_ID>.mobb.ai/v1/graphql
x-mobb-key
Authentication token: an api-key
fetched from the setting of a user with appropriate permissions in the organization.
Step 1. Check if your token is about to expire (broker_host
)
broker_host
)Request
To find out all current broker connections as well as tokens associated with each of the brokers, you can run the following curl command:
Sample response
In the sample response above, we are able to extrapolate the following information about my broker host instances:
The broker that connects to the internal domain
gitlab-ubuntu-vm
has a broker_hostid
:1a328baa-9a15-4249-8168-abb3cd26a292
. Note down this ID as we will need it later.This broker host has a token with the name
my_token_name
that was created on2024-10-03
, this means that this token will expire on2025-01-03
(92 days)
Step 2. Generate a new token (createBrokerApiToken
)
createBrokerApiToken
)Once you obtained the broker_host id
from the previous step, you are now ready to generate and set a new broker token. To do so, you can use the following curl command.
Request
brokerHostId
: Use the broker host id obtained in the previous step.tokenName
: You can use any token name here.
Sample response:
Save the value of "token" output. In this sample reponse, the value would be "lNVAMfhxKSHUQT7Qpar7cd6v8UqOxY
"
Step 3. Update your Mobb broker container to use the new broker token value
After you've obtained the new token value, you can now set it in the FRP_BROKER_AUTH_TOKEN
environment variable in your Mobb broker as described in the Mobb Broker configuration guide.
This completes this tutorial on how to generate a new Mobb broker token.
Last updated