ACSP Suggestion 2022.6: Increase API Token Length

Suggestion

Author: Anonymous   
Submitted On: 17 February 2022

Description: After stripping the “API” and “-” characters the token has only 16 characters, each character having 36 unique values. Double the current length to 32 variable characters.

Value to Community: Longer token aligned to other API implementations will make the tokens more difficult to brute force.

Timeframe: Not specified

Status: Completed   Updated: 03 March 2023

Tracking Information

ARIN Comment

3 March 2023

Thank you for your suggestion, numbered 2022.6 on confirmed receipt, requesting that we extend the length of API tokens to 36 characters to make them less susceptible to brute force attacks. Development of this functionality was completed and deployed on 3 January 2023.

Because this work is completed, we are closing this suggestion. Thank you for participating in the ARIN Consultation and Suggestion Process.

23 February 2022

Thank you for your suggestion, numbered 2022.6 on confirmed receipt, requesting that we extend the length of API tokens to 36 characters to make them less susceptible to brute force attacks. We agree this would be a helpful change and increase the security of the API tokens. We will place this suggestion on the list for prioritization for the 2023 Engineering Roadmap.

Thank you for participating in the ARIN Consultation and Suggestion Process. Your suggestion will remain open until implemented.