Partner Zone
Partner Zone

API Token Life (Token expiration)

This thread is now closed to new comments.
Some of the links provided in this thread may no longer be available or relevant.
If you have a question please start a new post.
4 REPLIES 4
Former Staff KeranM
231 Posts
Former Staff
Australia
KeranM
Former Staff

299Posts

94Kudos

56Solutions

Re: API Token Life (Token expiration)

Hi there

 

 

The refresh token will last for up to 1 year.

Each time you ask for an access token we will return a refresh token. We recommend you grab that and store it for future reference.

 

If you'd like more support on this please feel free to email developers@myob.com and we can help you there

Keran McKenzie
Futurist in residence @MYOB

Are you a developer? Check out http://developer.myob.com
Looking for an Add-on? Check out http://myob.com/addons/

Twitter: @myobapi | @keranm
CamTaylorPwC
1 Post
User
Australia
CamTaylorPwC

1Posts

0Kudos

0Solutions

Re: API Token Life (Token expiration)

Hi Shaun,

 

How long do the refresh Token's last for?  

 

Thank you,

Cam

Partner GriffNZ
4 Posts
Partner
GriffNZ
Partner

4Posts

1Kudos

1Solutions

Re: API Token Life (Token expiration)

Thanks Shaun,

 

I apologise; I'm so used to working with OAuth1, I did not spot this difference in behavior.

 

Will be calling the refresh token endpoint after expiry to persist the tokens.

Former Staff ShaunWilde
53 Posts
Former Staff
Australia
ShaunWilde
Former Staff

62Posts

3Kudos

22Solutions

Accepted Solution Solved Solution

Re: API Token Life (Token expiration)

When your app gets an OAuthToken for a user of your application you also get a RefreshToken that you can to get a new OAuthToken without requiring the user to log-in again.

 

Long time outs aren't considered secure by most implmentors, by making them short-lived reduces the time an attacker can abuse a token should they manage to steal it. Also if a user of your app no longer wishes for your app to have access to their data they can revoke your access which will then revoke your app's ability to generate new tokens.

 

Regards

Shaun Wilde
Partner GriffNZ
4 Posts
Partner
GriffNZ
Partner

4Posts

1Kudos

1Solutions

Solved: Go to Solution

API Token Life (Token expiration)

Hello,

 

Was just wondering why the access token lifespan is so short? (20 minutes)

 

Quickbooks lifespan is 180 days, Xero is 30 days.

 

Customers cannot be expected to use an MYOB function at least every 20 minutes to keep the token refreshed.

 

I wish to extend the token to at least 30 days. I know OAuth usually has a global setting for this, but just in case; is there any way for it to be extended on at least my product? Otherwise could you please consider drastically increasing the token lifetime, or offering an OAuth partner scope with a much longer lifetime.

Didn't find your answer here?
Try using advanced search to find a post more easily Advanced Search
or
Get the conversation started and make a new post Start a Post