On Wed, Apr 30, 2025 at 21:29 Roberto Reale <robe...@trueability.com> wrote:

> Hello,
>
> I have installed guacd and guacamole (with Postgres) on my Kubernetes
> cluster (version 1.5.5).
> Everything works well, however I have a few questions.
>
> I am interacting with the REST API to programmatically generate URLs like
> this:
>
>    - https://guacamole.mydomain.com/guacamole/#/client/XXYAYwBwb3N0Z3Jlc3Fs?token=xxx
>
> The token is generated with this endpoint:
>
>    - https://guacamole.mydomain.com/guacamole/api/tokens
>
> It looks like once the token has been generated the link to access the VM
> will be valid forever, regardless of the value of the API_SESSION_TIMEOUT
> env var. The only way to disable it is to delete the token. Can you please
> confirm this? If I understand correctly, the token validity is checked only
> if you try to access the Guacamole frontend, but it is ignored when trying
> to access the VM directly.
>

This is definitely not the case - the token validity checks apply to all
interactions with the Guacamole client interface, and there's no difference
in accessing a connection URL "directly" versus going to the home page and
clicking on the connection or connection group.

Please keep in mind that the API session timeout is the *idle* time limit
for a token - that is, if you're actively using the token for connections
and access to the Guacamole home page, the token could end up being valid
for far longer than the setting specifies. I use Guacamole throughout the
day in my day job, and am frequently signed on, with the same token, for
8-10 hours at a time, because I'm constantly accessing connections.


> Is there official documentation for the REST API? I have been relying
> on this:
>

No, we have yet to generate official documentation for the REST API,
outside of what can be found in the manual (not much).

-Nick
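
Added example, not part of the original message and not Guacamole's code: a small model of the idle (sliding) timeout described in the reply above, showing that a token in regular use outlives the configured limit, an unused one is rejected, and deletion ends it at once. The class and function names and the 60-minute setting are assumptions made for illustration.

```python
# Model of an idle (sliding) token timeout. Illustrative only: all names here
# are hypothetical and this is not Guacamole's implementation.
import secrets


class IdleTimeoutTokenStore:
    def __init__(self, idle_timeout_minutes):
        self.idle_timeout = idle_timeout_minutes * 60  # seconds
        self._last_used = {}  # token -> time (seconds) of last accepted use

    def issue(self, now):
        token = secrets.token_hex(32)
        self._last_used[token] = now
        return token

    def use(self, token, now):
        """Accept the token and restart its idle clock, or reject it."""
        last = self._last_used.get(token)
        if last is None:
            return False  # unknown or already deleted
        if now - last > self.idle_timeout:
            del self._last_used[token]  # idle for too long: expired
            return False
        self._last_used[token] = now  # activity pushes the expiry forward
        return True

    def revoke(self, token):
        """Explicit deletion ends the session regardless of recent activity."""
        return self._last_used.pop(token, None) is not None


def last_accepted_minute(store, token, start, interval_min, limit_min):
    """Use the token every interval_min minutes; return the last minute accepted."""
    accepted = 0
    for minute in range(interval_min, limit_min + 1, interval_min):
        if not store.use(token, start + minute * 60):
            break
        accepted = minute
    return accepted


if __name__ == "__main__":
    store = IdleTimeoutTokenStore(idle_timeout_minutes=60)  # constructed value
    busy = store.issue(now=0)
    print("used every 30 min:", last_accepted_minute(store, busy, 0, 30, 600))
    idle = store.issue(now=0)
    print("first use after 90 min:", last_accepted_minute(store, idle, 0, 90, 600))
```

In this model the only bounds on a token's life are inactivity and explicit deletion, so a link that embeds a token stays usable for as long as something keeps using it.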
