How to Configure Edge Access Authentication
This guide shows you how to set up the core authentication mechanisms for Peakhour Edge Access, including Email OTP for users and Service Tokens for APIs.
Before you begin: Review the Zero Trust Architecture to understand how these authentication methods provide secure access control.
Authentication Overview
Edge Access provides two primary methods for authentication:
- Email OTP (One-Time Password): For human users. A secure, passwordless method where users verify their identity via a code sent to their email.
- Service Tokens: For programmatic access (APIs, services). Secure tokens that allow applications to authenticate without user interaction.
Configure the Authentication Server
The Authentication Server is the central component that manages how tokens and OTPs are handled for your entire account.
- Log into your Peakhour Account Dashboard.
- Navigate to Edge Access > Settings.
- In the Authentication Server Configuration card, configure the following settings:
  - OTP Valid Minutes: Set how long the one-time password sent to users' emails is valid. A short duration like 15 minutes is recommended for security.
  - Token Type: Choose the token format. JWT is a common and widely supported standard.
  - User Session Token Lifetime: Define how long a user's login session lasts. 86400 seconds (24 hours) is a typical duration.
  - Service Access Token Lifetime: Define how long a service token is valid for. 3600 seconds (1 hour) is a secure default for automated services.
  - Secret: This is a critical security key for signing tokens. Click the refresh icon to generate a new, strong secret.
- Click Save Configuration.
Important: If you rotate the secret, all existing user sessions and service tokens will be invalidated and will require re-authentication.
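The rotation warning above follows from how a symmetric signing secret works. This added sketch is not Peakhour's code: it assumes the JWTs are HS256-signed with the configured Secret (the page does not name the algorithm), and `mint`, `verify`, the claim layout and the sample subjects are hypothetical.

```python
import base64, hashlib, hmac, json, secrets

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(secret: bytes, subject: str, lifetime: int, now: int) -> str:
    """Issue an HS256 JWT that expires `lifetime` seconds after `now`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": subject, "iat": now, "exp": now + lifetime}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def verify(secret: bytes, token: str, now: int) -> str:
    """Return 'ok', 'bad-signature', 'expired' or 'malformed'."""
    try:
        header, claims, sig = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return "malformed"
        expected = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        # Constant-time comparison; the signature is checked before claims are trusted.
        if not hmac.compare_digest(expected, _unb64(sig)):
            return "bad-signature"
        exp = json.loads(_unb64(claims))["exp"]
        return "ok" if now < exp else "expired"
    except (ValueError, KeyError, AttributeError, TypeError):
        return "malformed"

def demo() -> dict:
    now = 1_700_000_000  # constructed fixed clock so results are reproducible
    old_secret, new_secret = secrets.token_bytes(32), secrets.token_bytes(32)
    session = mint(old_secret, "user@example.com", 86400, now)  # User Session Token Lifetime
    service = mint(old_secret, "ci-deploy", 3600, now)          # Service Access Token Lifetime
    return {
        "service_fresh": verify(old_secret, service, now + 60),
        "service_after_1h": verify(old_secret, service, now + 3600),
        "session_after_1h": verify(old_secret, session, now + 3600),
        # After rotation the server only holds new_secret, so every old token fails.
        "session_after_rotation": verify(new_secret, session, now + 60),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Under this assumption the server keeps no per-token state, so rotating the secret is the one action that invalidates every outstanding session and service token at once.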
Manage Service Tokens for API Access
Service tokens are used for non-interactive, programmatic access to your protected applications.
Creating a Service Token
- In your Account Dashboard, navigate to Edge Access > Service Tokens.
- Click the Create Token button.
- Fill in the form:
  - Token Name: A descriptive name to help you identify the token's purpose (e.g., "CI/CD Deployment Script").
  - Token Duration: Select how long the token will be valid. Choose the shortest duration that meets your needs.
- Click Create Token.
Viewing Your New Token
A modal will appear with your new token's Client ID and Client Secret.
Critical: This is the only time the Client Secret will be displayed. Copy it immediately and store it in a secure location (e.g., your CI/CD platform's secret store, a password manager). You will not be able to retrieve it again.
Using a Service Token
To authenticate an API request, you must generate a bearer token and include it in the Authorization header.
Example: Authenticating a request
```bash
# Use the token in API requests
curl -H "Authorization: Bearer {client_id}:{client_secret}" \
  https://protected-app.company.com/api/data
```
Revoking a Service Token
If a token is compromised or no longer needed, you must revoke it.
- In the Service Tokens list, find the token you want to revoke.
- Click the Revoke (trash icon) button in the "Actions" column.
- Confirm the action. The token will be immediately invalidated.
Commit Your Changes
Any changes made to the Authentication Server or Service Tokens are staged and must be committed before they take effect.
- A banner will appear at the top of the page: "You have uncommitted changes...".
- Enter a descriptive Commit message (e.g., "Configure auth server and create CI/CD token").
- Click Commit.
Your authentication settings are now live across the Peakhour network.