ForumsDevelopersAPI Token Expiry
API Token Expiry
| Author | Message |
|---|---|
|
Shaun Barlow |
Hi,
I am busy experimenting with the Toodledo API in preparation for trying to make an app for Symbian S60 phones (will be testing using my E71). I am trying to find out what the message looks like when you try to use an expired token, so that my app can detect it and get a new token when it needs one. According to the API documentation the token should expire after 4 hours, but I have been using a token for about 5 hours now and it is still giving me access to my accounts data. Has the token expiry time been increased from 4 hours? Also if somebody already knows what message you get when trying to use an expired token, I'd appreciate it if you could share it :) |
|
Jake Toodledo Founder |
It takes 4 hours of inactivity. Each time you successfully authenticate, it refreshes the key for another 4 hours. If you don't do anything for 4 hours, it will expire.
|
|
demo |
One issue I noticed, Don't know if you care to address it. If I was using the api, and I had a legit token. I then changed my password, and continued using my token. So in theory, if your account is "compromised", they could keep using the token indefinitely, even if you change the password.
Is there any way to force all tokens to expire? |
|
Jake Toodledo Founder |
Yes, if you change the unique id number in your account settings, then it will cause all tokens to be invalid.
|
You cannot reply yet
U Back to topic home
R Post a reply
To participate in these forums, you must be signed in.