Community Home
Resources
Events & Webinars
Learn
Groups
Product Ideas
Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!
Join

v3.0 What is the best practice for refreshing access tokens?

SOLVED
Go to solution
DanH069
Rookie
‎10-04-2019 12:34 PM
0 Votes
‎10-04-2019 12:34 PM

What is the best practice for refreshing access tokens?

 

Do I wait until an error is generated?

Do I refresh based on age of access token?

Is it bad to refresh the token before every request?

 

Thoughts?

1 ACCEPTED SOLUTION
Jimmy_D
Employee
Employee
‎10-10-2019 11:59 AM
‎10-10-2019 11:59 AM

Hello @DanH069,

 

Thank you for reaching out to Constant Contact's API Support.

 

I would suggest one of the first two options. I personally like to go with option two. I create two timers; one of the timers is set for two hours and the other is set for 24 hours. The two hour timer is reset any time I make an API call. If either timer reaches its end then I will go through the refresh process.


Regards,
Jimmy D.
Tier II API Support Engineer

View solution in original post

5 REPLIES 5
Jimmy_D
Employee
Employee
‎10-10-2019 11:59 AM
‎10-10-2019 11:59 AM

Hello @DanH069,

 

Thank you for reaching out to Constant Contact's API Support.

 

I would suggest one of the first two options. I personally like to go with option two. I create two timers; one of the timers is set for two hours and the other is set for 24 hours. The two hour timer is reset any time I make an API call. If either timer reaches its end then I will go through the refresh process.


Regards,
Jimmy D.
Tier II API Support Engineer
JulieK7237
Campaign Collaborator
‎02-17-2020 07:39 PM
In response to Jimmy_D
0 Votes
‎02-17-2020 07:39 PM

Can you explain the problem with option 3? Other than potentially hitting a rate limit (which for my application will not happen), what is wrong with refreshing before every request?

Jimmy_D
Employee
Employee
‎02-19-2020 02:30 PM
In response to JulieK7237
0 Votes
‎02-19-2020 02:30 PM

Hi @JulieK7237,

 

Option 3's only down side really is the rate limit. If that is not an issue with your integration then feel free to use it.


Regards,
Jimmy D.
Tier II API Support Engineer
CODOH
Rookie
‎12-20-2020 01:27 AM
0 Votes
‎12-20-2020 01:27 AM

Another downside to option 3 is that it immediately invalidates the access token so if the program is interrupted after the call to refresh the access token, but before persisting the updated access and refresh tokens the program won't be able to recover on it's own without manually going through the first step. I really wish there was an option for basic-auth for server-side integration. Even options 2 and 3, while workable, turn into a lot of work maintaining timers and coordinating state between concurrent workers.

CODOH
Rookie
‎12-20-2020 10:13 PM
0 Votes
‎12-20-2020 10:13 PM

Correction: It does not immediately invalidate the current access token, only the refresh token. The problem as described above still stands, however. Anyway, I think I found a somewhat workable solution using (1) for now. Will have to monitor for errors cropping up once deployed.

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up