Ad Widget


api key lifetime

  • Filter
  • Time
  • Show
Clear All
new posts

    api key lifetime


    I am using the zabbix api to view a item value through php.

    after logging in with the username and password with json I get a api key.

    how long is that key valid?

    If I refresh the page at this point it alway's fetches a new api key. is that necessary?

    Hi there,

    This question was asked a while ago, and unfortunately was not answered:

    Anyway, your post inspired me to find an answer!

    Short answer:
    It is dictated by the "Auto-logout" option in "Administration" (Top Menu) -> "Users" (Sub Menu) -> "*Username*". (See image attached)

    Long answer:
    Digging through the source files, you can see the function "checkAuthentication($sessionid)" (File: CUser.php) is called to verify the session.

    This function queries the "sessionid" (a.k.a. api key) and "lastaccess" from the "sessions" table (presumably the same table that is used for all web sessions). If the "lastaccess" was more than "Auto-logout" time ago (default 900sec), the session is deleted from the "sessions" table, and access would then be denied.

    So IMO, no it's not necessary to generate a new API Key for each API call, but I believe the overhead is minimal so it probably comes down to your purpose. If you call the API infrequently, it's probably simpler to write a script to generate a new API Key each time. But if you're building an interface which will make thousands of API calls within a short space of time, well, that "little" overhead snowballs into something much more significant.

    Hope this helps.


    Zabbix Version: 2.0.8
    Last edited by timbo; 02-01-2015, 06:57.


      Hi Timbo,

      Thanks for your answer!

      It is clear to me now.

      I build a simple scripts that get's the tempature from a server room with the api call and run it every 10 seconds with only authenticating through the api key. it is working for a day now with the first api key so it's working!



      No announcement yet.