Changes in JWT Token Validity


  • Dear SmartAPI Users,

    We have made some changes with respect to the validity of the JWT token received after login. A fresh token is valid for 24-28 hours, instead of the previous time of 5 AM in the morning.
    To check the validity and expiry time of your token, you can write a simple script in any programming language to decode it. We are sharing a sample for Python here:

    import base64
    import json
    from datetime import datetime, timedelta, timezone
    
    def extract_inner_token_payload(outer_token):
        """Return the token's payload segment as a JSON string, or {'error': ...}.
    
        This only decodes the payload; it does not verify the signature.
        """
        try:
            parts = outer_token.split('.')
            if len(parts) == 3:
                inner_token = parts[1]
                # Add padding so the segment length is a multiple of 4
                padded_inner_token = inner_token + '=' * (-len(inner_token) % 4)
                # Decode the base64url payload segment
                decoded_payload = base64.urlsafe_b64decode(padded_inner_token).decode()
                return decoded_payload
            else:
                return {'error': 'Invalid token format'}
        except Exception as e:
            return {'error': f'Error: {str(e)}'}
    
    # Replace 'your_actual_JWT_token_here' with your actual JWT token
    your_outer_jwt_token = 'your_actual_JWT_token_here'
    
    decoded_payload = extract_inner_token_payload(your_outer_jwt_token)
    # Errors come back as a dict; a successful decode is a JSON string
    if isinstance(decoded_payload, dict):
        print(decoded_payload['error'])
    else:
        print("Inner Token Payload:")
        print(decoded_payload)
    
        try:
            # Parse JSON payload
            parsed_payload = json.loads(decoded_payload)
    
            # Access and print the expiry time in GMT+5:30
            if 'exp' in parsed_payload:
                expiry_timestamp = parsed_payload['exp']
                print("\nExpiry Timestamp (UTC):", expiry_timestamp)
    
                # Convert UTC to IST (GMT+5:30) using timezone-aware datetimes
                expiry_datetime_utc = datetime.fromtimestamp(expiry_timestamp, tz=timezone.utc)
                ist_offset = timezone(timedelta(hours=5, minutes=30))  # IST is UTC+5:30
                expiry_datetime_ist = expiry_datetime_utc.astimezone(ist_offset)
    
                print("Expiry Datetime (GMT+5:30):", expiry_datetime_ist.strftime('%Y-%m-%d %H:%M:%S'))
            else:
                print("Expiry time not found in token payload.")
        except json.JSONDecodeError:
            print("Invalid JSON format in the decoded payload.")
    

    Otherwise, you can go to online tools like https://jwt.io/ and paste your JWT token there and decode it.

    As a best practice, you should log out at the end of the day after your trading activity.


  • Extending the validity period of a JWT token beyond what is advised might increase the risk of security breaches by creating a larger opening for possible attacks such as replay or token theft. Following recommended best practices for token lifetimes is essential to keeping a strong security posture.👓
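
Because expiry is no longer a fixed clock time, a client has to read `exp` from each token to know when to log in again. The following is an added example, not part of the original posts or SmartAPI's own code: it decodes the token locally and classifies the session. The function names, the 15-minute margin and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time

RELOGIN_MARGIN_S = 15 * 60  # assumed safety margin before expiry (not from the page)

def read_exp(token):
    """Return the 'exp' claim (epoch seconds) from a JWT payload, or None.

    Decodes locally and does NOT verify the signature: use it only to
    schedule a re-login, never to decide whether a token is trustworthy.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        seg = parts[1]
        payload = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    # bool is an int subclass in Python, so reject it explicitly
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp

def session_state(token, now=None, margin=RELOGIN_MARGIN_S):
    """Classify a token as 'valid', 'expiring', 'expired' or 'unreadable'."""
    exp = read_exp(token)
    if exp is None:
        return "unreadable"
    now = time.time() if now is None else now
    if now >= exp:
        return "expired"
    return "expiring" if exp - now <= margin else "valid"

def make_sample_token(claims):
    """Build a constructed token with a dummy signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.dummy-signature"

if __name__ == "__main__":
    issued = 1_700_000_000  # constructed login time (epoch seconds)
    tok = make_sample_token({"exp": issued + 26 * 3600})  # inside the 24-28 h window
    for hours in (1, 25.9, 27):
        print(f"{hours:>5} h after login:", session_state(tok, now=issued + hours * 3600))
```

Treat "expiring", "expired" and "unreadable" all as a signal to log in again rather than reusing the token.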