Authentication and Tokens

Overview

Togo MQ uses token-based authentication to secure your messaging infrastructure. Each API token represents a secure credential that grants access to publish and subscribe to messages in your account.

Creating API Tokens

Step 1: Access Your Dashboard

First, you need to be logged in to your Togo MQ account:

  1. If you don't have an account yet, register here
  2. If you already have an account, log in
  3. Navigate to your Dashboard

Step 2: Generate a New Token

  1. In your dashboard, locate the API Tokens section
  2. Click "Create New Token" or "Generate Token"
  3. Provide a descriptive name for your token:
    • Use clear names like "Production Server", "Development", "CI/CD Pipeline"
    • This helps you identify and manage tokens later
  4. Click "Create" or "Generate"

Step 3: Copy Your Token

{danger} Important! Your token will only be displayed once. Make sure to copy it immediately and store it securely.

After creating the token:

  • Copy the generated token to a secure location
  • Never commit tokens to version control (Git, etc.)
  • Use environment variables or secure secret management systems

Managing Tokens

Viewing Active Tokens

Visit your Dashboard to view all your active API tokens. You'll see:

  • Token name
  • Creation date

Revoking Tokens

If a token is compromised or no longer needed:

  1. Go to your Dashboard
  2. Find the token in your API Tokens list
  3. Click "Revoke" or "Delete"
  4. Confirm the action

{warning} Revoked tokens cannot be restored. Any applications using a revoked token will immediately lose access. Make sure to update your applications with a new token before revoking the old one.

Best Practices for Token Management

  • Use separate tokens for different environments (development, staging, production)
  • Rotate tokens regularly for enhanced security
  • Revoke unused tokens to minimize security risks
  • Name tokens descriptively to easily identify their purpose
  • Monitor token usage through your dashboard

Token Security

Storing Tokens Securely

DO:

  • ✅ Store tokens in environment variables
  • ✅ Use secret management systems (AWS Secrets Manager, HashiCorp Vault, etc.)
  • ✅ Use .env files (and add to .gitignore)
  • ✅ Encrypt tokens when storing in databases

DON'T:

  • ❌ Commit tokens to version control
  • ❌ Share tokens in public channels
  • ❌ Hard-code tokens in your application
  • ❌ Send tokens via unencrypted channels

Example: Using Environment Variables

In your .env file:

TOGOMQ_TOKEN=your-token-here

In your Go application:

import (
    "os"
    "github.com/TogoMQ/togomq-sdk-go"
)

func main() {
    token := os.Getenv("TOGOMQ_TOKEN")

    config := togomq.NewConfig(
        togomq.WithToken(token),
    )

    client, err := togomq.NewClient(config)
    // ... rest of your code
}

Using Tokens

Once you have your API token, you can use it to authenticate with the Togo MQ SDK:

import "github.com/TogoMQ/togomq-sdk-go"

// Create configuration with your token
config := togomq.NewConfig(
    togomq.WithToken("your-token-here"),
)

// Create client
client, err := togomq.NewClient(config)
if err != nil {
    log.Fatal(err)
}
defer client.Close()

Token in Different Environments

Development:

config := togomq.NewConfig(
    togomq.WithToken(os.Getenv("TOGOMQ_DEV_TOKEN")),
    togomq.WithLogLevel("debug"), // Enable debug logging
)

Production:

config := togomq.NewConfig(
    togomq.WithToken(os.Getenv("TOGOMQ_PROD_TOKEN")),
    togomq.WithLogLevel("error"), // Only log errors
)

{success} Next: Learn about SDK Configuration to customize your client settings.