Security
In the "Security" area, you manage the login and session parameters of a user account as well as the API access token. Here you specify the password a user uses to log in, after what period of inactivity they are automatically logged out, and how the SmartAPI is authenticated.
Login Information
Password
The password is used to log in to the web interface. Choose a strong, unique password and do not share it with others.
Combine uppercase/lowercase letters, numbers, and special characters. Avoid easily guessable patterns (e.g., "Password123").
A password manager can help generate and manage complex passwords securely.
Repeat Password
For confirmation, the password must be entered identically a second time. If the input does not match, the change cannot be saved.
New Password Required
When this feature is activated, a new password must be set during the next login.
If a user's password is compromised, it can be manually reset using this feature. Ideally, do this directly before the user's next login attempt, so that a third party has no opportunity to set the new password first.
If a password change policy is defined in the General Settings, the corresponding expiration date and an explanatory text will be displayed below the checkbox.
Automatic Logout
Specifies the inactivity period after which the web session is automatically ended. A shorter duration enhances security at shared workplaces, while a longer duration improves convenience.
The logout only applies to inactivity in the browser. Active, ongoing processes should be saved or completed before the timeout.
API Bearer Token
The authorization token for the SmartAPI. When calling endpoints, it must be sent as the HTTP header "Authorization: Bearer-Token".
Treat the token like a password. Store it only in trusted locations and do not share it. If the token is compromised, it should be immediately renewed or revoked.