Sessions & Tokens

JWT session management, automatic refresh, and team invitations.

Session Management

ArmorIQ uses JSON Web Tokens (JWTs) for session management:

| Token         | Lifetime   | Purpose                    |
|---------------|------------|----------------------------|
| Access Token  | 15 minutes | Authenticates API requests |
| Refresh Token | Long-lived | Obtains new access tokens  |

Automatic Token Refresh

When your access token expires, the platform automatically refreshes it using the refresh token. This happens transparently, so you won't be interrupted.

Session Expiry

If the refresh token is also expired or invalid, you'll be redirected to the sign-in page. This can happen if:

  • You've been inactive for an extended period
  • Your account has been modified by an admin
  • You signed out from another device
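
The refresh and expiry behaviour described above, seen from the client's side, as an added example that is not ArmorIQ's code. The function names, the 30-second skew, the `refreshFn` callback and the sample token are assumptions made for illustration.

```javascript
// Added example: all names are hypothetical, not ArmorIQ's API.
const SKEW_SECONDS = 30; // assumption: refresh shortly before the 15-minute expiry

// Read `exp` (seconds since epoch, RFC 7519) from a JWT payload.
// No signature check happens here; the client only uses it for scheduling.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    // Buffer is Node.js; a browser would decode with atob() instead.
    const payload = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch {
    return null; // malformed token: treat as expired
  }
}

function needsRefresh(accessToken, nowSeconds) {
  const exp = jwtExpiry(accessToken);
  return exp === null || exp - SKEW_SECONDS <= nowSeconds;
}

// refreshFn(refreshToken) is a caller-supplied async function that rejects
// when the server no longer accepts the refresh token.
async function ensureSession(session, refreshFn, nowSeconds) {
  if (!needsRefresh(session.accessToken, nowSeconds)) {
    return { action: "use", accessToken: session.accessToken };
  }
  try {
    const accessToken = await refreshFn(session.refreshToken);
    if (needsRefresh(accessToken, nowSeconds)) throw new Error("stale token");
    return { action: "refreshed", accessToken };
  } catch {
    // Expiry, admin changes and sign-out elsewhere all surface here, so
    // local state is dropped and the user goes back to sign-in.
    return { action: "sign-in", accessToken: null };
  }
}

// Constructed sample token (fake signature) for running the example offline.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ exp })}.constructed`;
}
```

The client cannot tell locally that a refresh token was invalidated by an admin change or a sign-out on another device, which is why the sign-in decision is driven by the server rejecting the refresh call.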

Accept Team Invitation

If you've received an invitation to join an organization:

  1. Click the invitation link in your email
  2. If you're not signed in, you'll be prompted to authenticate first
  3. Review the organization details
  4. Click Accept Invitation to join

The invitation link is stored so that even if you need to create an account first, you'll be redirected back to accept the invitation after authentication.
