Should I reuse access tokens?

Hello! :blush:
Does anyone know if there’s any point in reusing access tokens or is it all the same if I just generate a new one often?
For instance, access tokens last 60 days, but does it matter if i just generate one every minute?


Depends what else is going on.

If you generate 50 tokens.
When you generate the 51st
The first one is automatically killed.

So if you ahve a script using that token it then has to get a new token.
So the 52nd is generated killing the 2nd
And then if you have a script using the 2nd token… etc

You should generate and use a token till it’s close to expiration or has expired.
If you are “spam” making tokens you might observe weirdness.

1 Like

You should reuse a token for as long as you have it and it is still valid.

For example, with the Implicit code flow the user will get a new token each time they log in to your site (which should be each time they visit), so while they’re navigating your site you should use that same token, but if they leave and come back later they’ll go through the OAuth flow (transparently if you’re not forcing verification0 so will have a new token.

With the Auth Code flow, tokens last about 4 hours and while you can refresh them you are using them server-side so should be able to persist them and refresh them only as needed rather than excessively generating new ones.

App Access Tokens would be the same as Auth Code tokens, the code is running server-side so you should be able to persist them or otherwise you may be excessively generating tokens needlessly.

If you’re running a vast number of apps that work independently with the same credentials you’ll even run into issues where one process is generating a new token which will kill a token used by another process as you’re at the limit.

tl;dr, store tokens and use them until they expire then get new ones.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.