Q&A
REST API refresh token
Paul Timms
1-20-20
Could someone please tell me the duration of the refresh token for the REST API? Thanks.
Dejan R.
1-22-20
Hello Paul,

I am still waiting for infromation from development department. Will update you as soon as I receive.
Regards
Reply
Paul Timms
1-27-20
Hi Dejan, any update please? We're working with another company to integrate Standard ERP and they are waiting for this information.

I know that flex.bi can connect for many days or weeks without needing to be reauthorised. Does each successful connection then extend the expiry date of the token?
Reply
Elvis Kvalbergs
1-28-20
Created byPaul Timms12:16 27 Jan 2020
Hi Dejan, any update please? We're working with another company to integrate Standard ERP and they are waiting for this information. I know that flex.bi can connect for many days or weeks without needing to be reauthorised. Does each successful connectio
Hi Paul! This is where I roughly described how the authentication flow works:
https://docs.flex.bi/confluence/support-center/how-does-hansaworld-oauth-authentication-works-80155071.html

If I remember correctly toje. Was valid for 10 or maybe 15 minutes and then needs to be renewed
Reply
Paul Timms
1-30-20
Thanks Elvis. This section:

"Each token issued by StandardID server has an expiration time. If the token expires then flex.bi will request a new one using the supplied refresh token."


I believe the access token has an expiry of 1 hour. If the refresh token has an expiry of 15 minutes, how can it be used to get a new access token? Otherwise, flex.bi would lose authorisation unless it refreshed data more than once an hour. Or am I misunderstanding things?
Reply
Omar Dottin
1-31-20
Hi Paul! Pasting the process flow along with answer for future reference:

Process Flow

1. 3rd party software/service makes a call to SERP REST API
2. SERP requests authentication (Standard ID + password) which appears as a login screen
3. SERP sends other software an access token and refresh token
4. 3rd party requests data from SERP, sending the access token with the request
5. after a few minutes, the access token expires and cannot be used again
6. without a refresh token, someone would need to enter the standard ID and password each time a connection is made. the refresh token prevents this and allows a new access token to be sent by SERP to the other software


Refresh Token Export:

When does Refresh Token Expire?
There is no expiry.

If we did set an expiry, it would mean that the user has to login with username and password every time they want to talk to our system which would not work well with full integration situations


Best Regards,
Omar
Reply
Paul Timms
2-3-20
Thanks Omar, this answers the question.
Reply
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Back to the list
Latest Posts
Re: Re: Periodic Customer Statement
Hello, Kindly please report the bug so that we can further investigate and resolve it. Thank you. Best regards, Benjamin...
11:31 3 May 2024
Re: Client Hansa.HDB
Hi, No changes should have been made that would increase client's HDB file. Please try to delete HANSA.HDB from client folder and reconnect to server and check if it will grow to 30MB again. ...
10:14 30 Apr 2024