Can't create transfer tokens

joaopedrocoelho · September 14, 2023, 2:25pm

System Information

Strapi Version: 4.11.7
Operating System: docker (macOS)
Database: postgres
Node Version: 18-alpine
NPM Version: 8.9.0

I can’t create a Transfer token, I’m getting this reponse in the network request

{
    "data": null,
    "error": {
        "status": 501,
        "name": "NotImplementedError",
        "message": "The server configuration for data transfer is invalid. Please contact your server administrator.",
        "details": {
            "code": "INVALID_TOKEN_SALT"
        }
    }
}

I haven’t set up any TOKEN SALT, it is the one that it comes in the .env file : ‘toBeModified’

I can successfully create API tokens thou

Paul_Brats · September 14, 2023, 6:34pm

When I used npx create-strapi-app@latest test-token --quickstart to recreate the issue

I am an version 4.13.6

After the project gets created my .env file has the following.

HOST=0.0.0.0
PORT=1337
APP_KEYS=rZpM7WQYj0KZIxEan479YA==,MnO0zv8WoZSnUtO2ePJRpQ==,xPcFGpfGUxZdwUuWpwMAsQ==,JNUoYXIz5PJFJYFndOMUyw==
API_TOKEN_SALT=IX18SErX0jW4XbxiadQ+dQ==
ADMIN_JWT_SECRET=ggqZq86nPbS35Z7+KBfy1g==
TRANSFER_TOKEN_SALT=zTQvcxedOEjOn2DmMh2bwA==
# Database
DATABASE_CLIENT=sqlite
DATABASE_FILENAME=.tmp/data.db
JWT_SECRET=9NyPb4LeGUCqVspXk9iMgQ==

TRANSFER_TOKEN_SALT just needs to be a string so toBeModified should not cause an errror.

Check your config/admin.js file and see if you have the following.

joaopedrocoelho · September 15, 2023, 1:28am

Thank you , Paul.

I realized TRANSFER_TOKEN_SALT was empty, only API_TOKEN_SALT had a value. After adding TRANSFER_TOKEN_SALT to .env it started to work

conor909 · February 20, 2024, 8:24pm

Can you tell us where to get these tokens if they are empty?

conorjohn · June 30, 2025, 9:29pm

Would also like info on this if possible

conorjohn · June 30, 2025, 9:47pm

I ran the following node script to get a token, then set it in the .env under TRANSFER_TOKEN_SALT={insert token here}

const crypto = require(‘crypto’);
const salt = crypto.randomBytes(16).toString(‘base64’);
console.log(salt);

I got the 2nd line from the Strapi console warning:

(node:8398) Warning: Missing transfer.token.salt: Data transfer features have been disabled.
Please set transfer.token.salt in config/admin.js (ex: you can generate one using Node with `crypto.randomBytes(16).toString('base64')`)
For security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables```