12

I am using InfusionSoft's API to save the contents of a form that is filled out on a website. The API uses OAuth, and from what I can tell there isn't a way to have a life-long session.

The way the OAuth appears to work is that it is designed for a user to login if their session has expired, just like logging into a website. This obviously isn't suitable for an API, but I'm sure this isn't an unusual requirement.

I have an initial token, but after that expires, what then? The only thing I can think of is to have a cron job that runs hourly to refresh the access token (there is a 'refreshAccessToken' method).

4

1 回答 1

11

您需要存储访问令牌(短期 - 24 小时有效)和刷新令牌(长期)。

您只需在每个会话开始时调用 refreshAccessToken 方法。该方法将返回一个新的访问令牌和一个新的刷新令牌。

发出 API 请求时,为当前的“会话”使用新的访问令牌。访问令牌的有效期为 24 小时(不时更改)。

存储新的刷新令牌并在下一次会话中再次使用它。

于 2015-02-26T15:27:38.203 回答