h3llo
15 January 2025 06:57
1
Hello Guys,
I have Onlyoffice installed and succesfully running on Ubuntu 24.04
But how can i generate a NEW 172 character JWT API token?
in /etc/onlyoffice/documentserver/local.json
i only see this 32 character key:
"secret": {
"inbox": {
"string": "f4h7Xn3s2zRj9PkL1oYv5aWq0tBg6Im8"
},
"outbox": {
"string": "f4h7Xn3s2zRj9PkL1oYv5aWq0tBg6Im8"
},
"session": {
"string": "f4h7Xn3s2zRj9PkL1oYv5aWq0tBg6Im8"
}
I hope that someone can help me out!
Kind Regards
Hello @h3llo
Please clarify which product is used - the category is set to Workspace, but you are referencing the config of Document Server. Additionally, please specify version of the product you are using.
h3llo
18 January 2025 06:27
5
To change JWT secret you need to specify it in a few configs. I’ve described in which ones here:
Most certainly 403 is related to the JWT Token on the Community Server side. I would not recommend disabling JWT Token since it provides a security of your connection and prevents data from being fetched by unauthorized users.
To configure JWT Token on both sides please follow next instruction:
Locate next config var/www/onlyoffice/WebStudio/web.appsettings.config in the Community Server container (use docker ps to see the list of currently running containers and docker exec -it <ID> bash whe…
It references on how to do it for Docker, but in case of package installation you can simply skip steps of connecting to the containers and move to the configs directly on host.
h3llo
22 January 2025 01:45
7
@Constantine
Thanks for your reply but i think you do NOT understand the question of this topic. Let me try again:
The question was/is:
How can i generate a NEW 172 CHARACTER: → JWT API token?
I hope that you understand the difference between a Token and a Secret Key.
Looking forward for the right answer.
Thank you very much in advance
I do understand the difference, but maybe I am missing the point. You’ve mentioned that your token is working fine, can you share any details on how it is used?
h3llo
6 February 2025 17:05
9
@Constantine
The point is:
My 172 character JWT API TOKEN is leaked.new one.
How can i do that?
JWT is used to authorize requests from/to Document Server in integrations, in Workspace too. The token must be generated each time for each request that you are performing to Document Server. Considering that I do not understand what is “JWT API Token” and how it is used, hence I am asking you to elaborate on this.
If you could describe how this token was initially generated, then I am sure it’d bring some clarity on your query.
h3llo
20 June 2025 01:14
11
By a python script:
import jwt
import time
from datetime import datetime, timedelta
secret = 's4DuC9MyN7Sbey252Y8te9fNMX5j7Naa'
# Current time
now = datetime.utcnow()
# Expiration time: 6 months from now
expiration = now + timedelta(days=182) # approximately 6 months
payload = {
'sub': 'user_id',
'name': 'Your Name',
'iat': int(time.mktime(now.timetuple())),
'exp': int(time.mktime(expiration.timetuple()))
}
token = jwt.encode(payload, secret, algorithm='HS256')
print(token)
It seems that similar request was posted here:
Hello everyone.
I have just installed ONLYOFFICE Workspace Community from RPM/DEB packages using the provided script:
I have just installed it successfully on Ubuntu 22.04 and everything works/runs fine
with the following commands:
wget https://download.onlyoffice.com/install/workspace-install.sh
bash workspace-install.sh
EXPECT the API
If i go to https://mydomain.com/api/2.0
I am seeing this Runtime Error:
[Screenshot from 2025-06-20 03-06-59]
Does anyone how i can enable the API an…
I will close the linked topic and respond here.
I can see that you are trying to send some requests to the API of Workspace. Please note that you do not need JWT for these requests. The runtime error you see is simply says that there is no such address, consider in as an endpoint for your POST/GET requests. It requires authentication, not JWT.
Here was an example with some methods:
Here is the way to download the file with given in this thread methods:
First, we need to get the authentication token. For that you can use POST api/2.0/authentication method. After sending the request to API, you will receive such response:
{
"count": 1,
"status": 0,
"statusCode": 201,
"response": {
"token": "<your_token>",
"expires": "2024-05-30T12:47:54.7762210Z"
}
}
From this part we have to fetch the <your_token> value which will be used for further…
h3llo
20 June 2025 13:03
13
@Constantine
Thanks for your friendly reply.
First, we need to get the authentication token. For that you can use POST api/2.0/authentication method.
This url: ttps://api.onlyoffice.com/portals/method/authentication/post/api/2.0/authentication
is broken
Do you have the right URL for us?
h3llo
20 June 2025 15:17
14
I think i have found the right url:
if i execute this i successfully obtain the TOKEN
curl --request POST --header "Content-Type: application/json" --data '{"username":"user@of.domain.com","password":"MyPWDhere"}' "https://of.mydomain.com/api/2.0/authentication.json"
{"count":1,"status":0,"statusCode":201,"response":{"token":"RGlbOavtm+po9r9RcvdOx5X6ZLP8AzODWbgv4QZou5UqngVer5wPhzOQYbdOfJWdrAdIvGMOej7aKw\/QwxSxVeM\/Ar2Dms24Gmy+5SnZP\/eXuknIX081vXbgflSb5x7zDXmAa\/QfvqbtBW2ks+wyxstf0NHJ2TtbIceBu5+Emmo=","expires":"2026-06-20T17:10:06.5933920+02:00"}}
So this is my final token right?:
RGlbOavtm+po9r9RcvdOx5X6ZLP8AzODWbgv4QZou5UqngVer5wPhzOQYbdOfJWdrAdIvGMOej7aKw\/QwxSxVeM\/Ar2Dms24Gmy+5SnZP\/eXuknIX081vXbgflSb5x7zDXmAa\/QfvqbtBW2ks+wyxstf0NHJ2TtbIceBu5+Emmo=
My last question is:
How can i upload a file with PHP curl to Onlyoffice Workspace in folder 10
The file is located at the server:
/home/web/hello.docx
Glad to know that you have successfully generated auth token. I see that another topic on file upload was started, closing this one as solved then.