Rotate application server tokens & cookie keys
In some cases, you may want to rotate your application's server token, cookie key, or both. Follow these steps to do this in HUMAN.
Tip
If you want to keep the original cookie key during the transition, you can clone the policy and generate a new key for the cloned version. This lets both keys be valid in parallel until you’re ready to deprecate the old one.
Rotate tokens & keys
- Before making any changes to your tokens or keys, we recommend switching your active Enforcer to monitor mode. This lets it observe traffic without blocking it during the rotation and minimizes disruptions.
- Navigate to Platform Settings > Account Management > Applications and select the application whose token or key you'd like to rotate.
- Click the Server token tab.
- Click Add server token. This will generate a new token for the application.
- Copy the token and update your Enforcer with the new value.
- Navigate to Sightline Cyberfraud Defense > Policies > Traffic Policy Overview and select the policy associated with the application you created a new token for in Step 4.
- Click Duplicate policy.
- Enter a name for your new policy, then click Duplicate and create.
- Open the Applications connected to Policy section and + add the application you created a new token for in Step 4.
- Click Save Changes.
- Click the key icon in the top right corner and click copy value to copy the policy's risk cookie key.
- Update the Enforcer with the cookie key you copied in Step 10.
- Validate that traffic is processing correctly, and test that request flows are functioning as expected.
- Once confirmed, return the Enforcer to blocking mode.
- Delete the old policy you duplicated in Step 7 and the old authentication token.