REST API refresh token
Paul Timms
1-20-20
Could someone please tell me the duration of the refresh token for the REST API? Thanks.
Dejan R.
1-22-20
Hello Paul,

I am still waiting for infromation from development department. Will update you as soon as I receive.
Regards
Paul Timms
1-27-20
Hi Dejan, any update please? We're working with another company to integrate Standard ERP and they are waiting for this information.

I know that flex.bi can connect for many days or weeks without needing to be reauthorised. Does each successful connection then extend the expiry date of the token?
Elvis Kvalbergs
1-28-20
Created byPaul Timms12:16 27 Jan 2020
Hi Dejan, any update please? We're working with another company to integrate Standard ERP and they are waiting for this information. I know that flex.bi can connect for many days or weeks without needing to be reauthorised. Does each successful connectio
Hi Paul! This is where I roughly described how the authentication flow works:
https://docs.flex.bi/confluence/support-center/how-does-hansaworld-oauth-authentication-works-80155071.html

If I remember correctly toje. Was valid for 10 or maybe 15 minutes and then needs to be renewed
Paul Timms
1-30-20
Thanks Elvis. This section:

"Each token issued by StandardID server has an expiration time. If the token expires then flex.bi will request a new one using the supplied refresh token."


I believe the access token has an expiry of 1 hour. If the refresh token has an expiry of 15 minutes, how can it be used to get a new access token? Otherwise, flex.bi would lose authorisation unless it refreshed data more than once an hour. Or am I misunderstanding things?
Omar Dottin
1-31-20
Hi Paul! Pasting the process flow along with answer for future reference:

Process Flow

1. 3rd party software/service makes a call to SERP REST API
2. SERP requests authentication (Standard ID + password) which appears as a login screen
3. SERP sends other software an access token and refresh token
4. 3rd party requests data from SERP, sending the access token with the request
5. after a few minutes, the access token expires and cannot be used again
6. without a refresh token, someone would need to enter the standard ID and password each time a connection is made. the refresh token prevents this and allows a new access token to be sent by SERP to the other software


Refresh Token Export:

When does Refresh Token Expire?
There is no expiry.

If we did set an expiry, it would mean that the user has to login with username and password every time they want to talk to our system which would not work well with full integration situations


Best Regards,
Omar
Paul Timms
2-3-20
Thanks Omar, this answers the question.
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Back to the list
Latest Posts
Reino Botha
Please check your version of android if it is the same as the server you are connecting too. ...
08:24 21 Nov 2024
Bror-Erik Kotiranta
In NC you hace operations>>ai chats. They are used for these Br, Bror-Erik...
05:12 21 Nov 2024