Authentication limitations
A maximum of 50 refresh tokens are allowed per combination if client_id
and user_id.
When this limit is exceeded, older refresh tokens are automatically deleted.
To be able to use our API, you will need an access_token
that is generated most of the times via a refresh_token
. An access_token
has usually a life-time of 1 hour, but a refresh_token
has a bigger life time, by default from 4 weeks to 3 years.
Token type
Maximum tokens
refresh_token
50 per client_id and user_id
access_token
Infinite
Important: Please make sure to store refresh_token
in redis or some similar caching provider, and ALWAYS in a secure storage.
Last updated