Page 1 of 1

token lifespan

Posted: Sat Sep 20, 2014 2:03 am
by wgmaker
The API20140530 wiki mentions 'Obtain the token for this session'. How do you define 'session' here? What is the lifespan of the obtained token? Is there a timespan limitation? Or other limitations of it validity?
The client I am developing might require a separate 'run' to obtain the token prior to the actual data collection. Is that feasible?

Re: token lifespan

Posted: Sat Sep 20, 2014 7:51 am
by rkulagow
I've updated the docs on the wiki and added this to the "Get a Token" portion:

A token is considered invalid if any of the following occurs

24 hours elapse since the token was first granted
A new token is requested

Re: token lifespan

Posted: Fri Oct 31, 2014 5:25 pm
by kgroeneveld
So what happens if a user has two applications setup for the same account and they both try to update around the same time? When the second requests a token wouldn't the first applications token become invalid which could cause problems if it isn't finished yet?

Re: token lifespan

Posted: Fri Oct 31, 2014 6:14 pm
by rkulagow
Correct.

For now the server-side code assumes that there's only a single application using the token. That may change in the next API, but because API 20140530 is already being used by a number of applications I'm not going to change that at this time.