Access Tokens

FAQs

Question: What is the max life of an access token?

Answer: The access token is active for 30 minutes, up to a maximum of 24 hours.


Question: How do I keep my access token alive for 24 hours?

Answer: To avoid expiration, the access token must be used (by calling an API) at least once within 15 minutes of the 30 minutes. Extending the token within the 15 minutes gives you another 30 min of activity. The token must be refreshed within 15 min to add another 30 min, if you make a call after the 15 minutes but before the 30 minutes, the token will expire after 30 minutes (extension is not granted). If continuesly refreshed within every 15 minutes, you can keep the token alive for up to 24 hrs.

Get the token, cache the bearer token (encrypted) and the current Date Timestamp. On future requests, check to see if the current time is after the timestamped cached and if there has been no activity in the last 15 minutes. If either is true, then request an access token and introspection. If both are false, then utilize the current active bearer token. Alternatively, you can submit the current token and check the API Request Response. If it has a Status of 401 'Unauthorized', get a new token.