How can i generate a NEW JSON Web Token for WorkSpace on Ubuntu?!

Hello Guys,

I have Onlyoffice installed and succesfully running on Ubuntu 24.04
Everything works fine also my 172 character JWT API token works fine!

But how can i generate a NEW 172 character JWT API token?

in /etc/onlyoffice/documentserver/local.json

i only see this 32 character key:

  "secret": {
    "inbox": {
      "string": "f4h7Xn3s2zRj9PkL1oYv5aWq0tBg6Im8"
    },
    "outbox": {
      "string": "f4h7Xn3s2zRj9PkL1oYv5aWq0tBg6Im8"
    },
    "session": {
      "string": "f4h7Xn3s2zRj9PkL1oYv5aWq0tBg6Im8"
    }

I hope that someone can help me out!

Kind Regards

Hello @h3llo

Please clarify which product is used - the category is set to Workspace, but you are referencing the config of Document Server. Additionally, please specify version of the product you are using.

@Constantine

Regarding this:

https://helpcenter.onlyoffice.com/installation/workspace-install-docker.aspx

P.s i am running Non Docker
Its installed on Ubuntu 24.04

To change JWT secret you need to specify it in a few configs. I’ve described in which ones here:

It references on how to do it for Docker, but in case of package installation you can simply skip steps of connecting to the containers and move to the configs directly on host.

@Constantine

Thanks for your reply but i think you do NOT understand the question of this topic. Let me try again:

The question was/is:

How can i generate a NEW 172 CHARACTER: → JWT API token?
And NOT a NEW 32 CHARACTER : → JWT SECTRET KEY
As you are mentioning in your reply.

I hope that you understand the difference between a Token and a Secret Key.

Looking forward for the right answer.

Thank you very much in advance

I do understand the difference, but maybe I am missing the point. You’ve mentioned that your token is working fine, can you share any details on how it is used?

@Constantine

The point is:

My 172 character JWT API TOKEN is leaked.
So i would to create/generate a new one.

How can i do that?

JWT is used to authorize requests from/to Document Server in integrations, in Workspace too. The token must be generated each time for each request that you are performing to Document Server. Considering that I do not understand what is “JWT API Token” and how it is used, hence I am asking you to elaborate on this.

If you could describe how this token was initially generated, then I am sure it’d bring some clarity on your query.

By a python script:


import jwt
import time
from datetime import datetime, timedelta

secret = 's4DuC9MyN7Sbey252Y8te9fNMX5j7Naa'

# Current time
now = datetime.utcnow()

# Expiration time: 6 months from now
expiration = now + timedelta(days=182)  # approximately 6 months

payload = {
    'sub': 'user_id',
    'name': 'Your Name',
    'iat': int(time.mktime(now.timetuple())),
    'exp': int(time.mktime(expiration.timetuple()))
}

token = jwt.encode(payload, secret, algorithm='HS256')
print(token)

It seems that similar request was posted here:

I will close the linked topic and respond here.


I can see that you are trying to send some requests to the API of Workspace. Please note that you do not need JWT for these requests. The runtime error you see is simply says that there is no such address, consider in as an endpoint for your POST/GET requests. It requires authentication, not JWT.

Here was an example with some methods:

@Constantine

Thanks for your friendly reply.
In your example you mentioned a URL that is not working - > PAGE NOT FOUND

  1. First, we need to get the authentication token. For that you can use POST api/2.0/authentication method.

This url: ttps://api.onlyoffice.com/portals/method/authentication/post/api/2.0/authentication

is broken

Do you have the right URL for us?

I think i have found the right url:

if i execute this i successfully obtain the TOKEN

curl --request POST --header "Content-Type: application/json" --data '{"username":"user@of.domain.com","password":"MyPWDhere"}' "https://of.mydomain.com/api/2.0/authentication.json"

{"count":1,"status":0,"statusCode":201,"response":{"token":"RGlbOavtm+po9r9RcvdOx5X6ZLP8AzODWbgv4QZou5UqngVer5wPhzOQYbdOfJWdrAdIvGMOej7aKw\/QwxSxVeM\/Ar2Dms24Gmy+5SnZP\/eXuknIX081vXbgflSb5x7zDXmAa\/QfvqbtBW2ks+wyxstf0NHJ2TtbIceBu5+Emmo=","expires":"2026-06-20T17:10:06.5933920+02:00"}}

So this is my final token right?:

RGlbOavtm+po9r9RcvdOx5X6ZLP8AzODWbgv4QZou5UqngVer5wPhzOQYbdOfJWdrAdIvGMOej7aKw\/QwxSxVeM\/Ar2Dms24Gmy+5SnZP\/eXuknIX081vXbgflSb5x7zDXmAa\/QfvqbtBW2ks+wyxstf0NHJ2TtbIceBu5+Emmo=

My last question is:

How can i upload a file with PHP curl to Onlyoffice Workspace in folder 10

The file is located at the server:

/home/web/hello.docx

Glad to know that you have successfully generated auth token. I see that another topic on file upload was started, closing this one as solved then.