Authentication limitations

A maximum of 50 refresh tokens are allowed per combination if client_id and user_id. When this limit is exceeded, older refresh tokens are automatically deleted.

To be able to use our API, you will need an access_token that is generated most of the times via a refresh_token. An access_token has usually a life-time of 1 hour, but a refresh_token has a bigger life time, by default from 4 weeks to 3 years.

Token type
Maximum tokens

refresh_token

50 per client_id and user_id

access_token

Infinite

Important: Please make sure to store refresh_token in redis or some similar caching provider, and ALWAYS in a secure storage.

Last updated