Thanks for your reply, Nick.
On Thu, May 01, 2025 at 10:58 AM, Nick Couchman <vn...@apache.org> wrote: > On Wed, Apr 30, 2025 at 21:29 Roberto Reale <robe...@trueability.com> > wrote: > > Hello, > > I have installed guacd and guacamole (with Postgres) on my Kubernetes > cluster (version 1.5.5). > Everything works well, however I have a few questions. > > I am interacting with the REST API to programmatically generate URLs like > this: > > - https://guacamole.mydomain.com/guacamole/#/client/ > XXYAYwBwb3N0Z3Jlc3Fs?token=xxx > > The token is generated with this endpoint: > > - https://guacamole.mydomain.com/guacamole/api/tokens > > It looks that once the token has been generated the link to access the VM > will be valid forever, regardless of the value of the API_SESSION_TIMEOUT > env var. The only way to disable it is to delete the token. Can you please > confirm this? If I understand correctly, the token validity is checked only > if you try to access the Guacamole frontend, but it is ignored when trying > to access the VM directly. > > > This is definitely not the case - the token validity checks apply to all > interactions with the Guacamole client interface, and there's no difference > in accessing a connection URL "directly" versus going to the home page and > clicking on the connection or connection group. > > Please keep in mind that the API session timeout is the *idle* time limit > for a token - that is, if you're actively using the token for connections > and access to the Guacamole home page, the token could end up being valid > for far longer than the setting specifies. I use Guacamole throughout the > day in my day job, and am frequently signed on, with the same token, for > 8-10 hours at a time, because I'm constantly accessing connections. > > > Is there an official documentation for the REST API? I have been relying > on this: > > > No, we have yet to generate official documentation for the REST API, > outside of what can be found in the manual (not much). > > -Nick >
