> For the complete documentation index, see [llms.txt](https://docs.mobb.ai/mobb-user-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.mobb.ai/mobb-user-docs/more-info/mobb-broker/mobb-broker-token-rotation.md).

# Mobb Broker Token Rotation

## Background

The purpose of the Mobb broker token is to encrypt the tunnel established between your on-premise SCM (GitLab, GitHub or ADO) and the Mobb platform. It acts as an authentication token to secure the communication and ensure only authorized connections can be established through the broker.

By default, the broker token automatically expires after 3 months (92 days) after creation. This policy ensures the security of the tunnel by regularly renewing authentication, reducing the risk of long-term token exposure or misuse.

{% hint style="info" %}
These capabilities are currently only available via the following APIs. They will be added to the Mobb UI very soon.
{% endhint %}

## Reference APIs to Perform Token Rotation

### URL and Authentication

The following data should be set in every call to the API:

| Fields      | Value                                                                                                                                                                                                                                                                                                      |
| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| URL         | <p>All API calls should go the following URL: <code><https://api.mobb.ai></code></p><p>For single tenant users, your URL should be:<br><code>[https://api-st-\&#x3C;YOUR\_SINGLE\_TENANT\_ID>.mobb.ai](https://api-st-\&#x3C;YOUR_SINGLE_TENANT_ID>.mobb.ai)</code></p>                                    |
| <p><br></p> |                                                                                                                                                                                                                                                                                                            |
| x-mobb-key  | <p>Authentication token: an <code>api-key</code> fetched from the setting of a user with appropriate permissions in the organization.</p><p>This value should be sent as an HTTP header with each call. To generate a Mobb api-key, refer to the guide <a href="/pages/TVsQQf8lP01Lmu4hpZs6">here</a>.</p> |

### Step 1. Check if your token is about to expire using [GET api/rest/GetBrokerConfigurations](https://apidocs.mobb.ai/reference#tag/broker-management/get/api/rest/getbrokerconfigurations)

### Request

To find out all current broker connections as well as tokens associated with each of the brokers, you can run the following curl command:

{% code overflow="wrap" %}

```
curl https://api.mobb.ai/api/rest/getbrokerconfigurations \
--header 'x-mobb-key: <YOUR_MOBB_API_KEY>' \
--header 'Content-Type: application/json'
```

{% endcode %}

### Sample response

```json
{
  "broker_host": [
    {
      "id": "1a328baa-9a15-4249-8168-abb3cd26a292",
      "organizationId": "afc837fb-ecb7-4b3f-9eda-127127cca2c2",
      "realDomain": "antony-ubuntu-vm",
      "virtualDomain": "81317cf7-9c01-43c6-80d5-c0fcd38bf8f5",
      "brokerTokens": [
        {
          "tokenName": "new2",
          "createdOn": "2024-10-08T16:43:16.492661+00:00"
        },
        {
          "tokenName": "antony_gitlab_on-prem_token",
          "createdOn": "2025-07-06T17:54:52.73125+00:00"
        }
      ]
    },
    {
      "id": "0a3f2260-a0d0-4b9b-9bc2-91378991a211",
      "organizationId": "afc837fb-ecb7-4b3f-9eda-127127cca2c2",
      "realDomain": "testrestapi.sample.domain",
      "virtualDomain": "b024820c-328c-430a-a6de-5fa5e210d2a8",
      "brokerTokens": [
        {
          "tokenName": "testing_via_restapi_tokenName",
          "createdOn": "2025-06-12T16:53:48.553857+00:00"
        },
        {
          "tokenName": "test_from_postman_delete_later",
          "createdOn": "2025-06-12T17:01:37.12678+00:00"
        },
        {
          "tokenName": "test-create-via-rest-api-2025-07-08",
          "createdOn": "2025-07-08T23:53:01.077461+00:00"
        }
      ]
    }
  ]
}
```

In the sample response above, we are able to extrapolate the following information about my broker host instances:

* The broker that connects to the internal domain `gitlab-ubuntu-vm` has a broker\_host `id`: `1a328baa-9a15-4249-8168-abb3cd26a292`. **Note down this ID as we will need it later**.
* This broker host has a token with the name `antony_gitlab_on-prem_token` that was created on `2025-07-06`, this means that this token will expire on `2025-10-06` (92 days)

Step 2. Generate a new token using [POST\
/api/rest/createbrokerapitoken](#step-2.-generate-a-new-token-using-post-api-rest-createbrokerapitoken)
-------------------------------------------------------------------------------------------------------

Once you obtained the broker\_host `id` from the previous step, you are now ready to generate and set a new broker token. To do so, you can use the following curl command.

### Request

```
curl https://api.mobb.ai/api/rest/createbrokerapitoken \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'x-mobb-key: <YOUR_MOBB_API_KEY>' \
  --data '{
  "brokerHostId": "<BROKER_HOST_ID>",
  "tokenName": "<ANY_TOKEN_NAME>"
}'
```

* `brokerHostId`: Use the broker host id obtained in the previous step.
* `tokenName`: You can use any token name here.

### Sample response:

```json
{
    "data": {
        "createBrokerApiToken": {
            "token": "lNVAMfhxKSHUQT7Qpar7cd6v8UqOxY"
        }
    }
}
```

Save the value of "token" output. In this sample reponse, the value would be "`lNVAMfhxKSHUQT7Qpar7cd6v8UqOxY`"

## Step 3. Update your Mobb broker container to use the new broker token value

After you've obtained the new token value, you can now set it in the `FRP_BROKER_AUTH_TOKEN` environment variable in your Mobb broker as described in the [Mobb Broker configuration guide](/mobb-user-docs/more-info/mobb-broker.md#explanation-of-the-environment-variables).

This completes this tutorial on how to generate a new Mobb broker token.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.mobb.ai/mobb-user-docs/more-info/mobb-broker/mobb-broker-token-rotation.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.