What if I need tokens that last more than one hour?

Customers needing tokens that live longer than one hour, often need them for IoT devices. In that case, we recommend using an X5C provisioner.

Tokens are designed to be short-lived, and in Smallstep the longest life for a token is one hour. 

The idea with the X5C provisioner is that you would use a certificate in place of a token on your IoT device. This provisioner type is very popular with our IoT customers, as the certificates it uses can function similarly to using a token but have a fully-customizable lifespan and can also contain device-specific information in their properties. Each device call to the X5C provisioner would pass the associated cert/key pair as authentication to renew the working certificate used in TLS. We tend to refer to the long-lived authentication certificate as a device's "birth certificate" since it would live the lifetime of the device and clearly identify the device's information.