Reading the documentation it’s not clear to me how to treat Management API Access Token and the logic to implement in our app.
The documentation says
- “A Management API token is valid for 24 hours. Create a new access token when the old one expires.”
- “You cannot renew or revoke a Management API token.”
First of all if I get 2 tokens in short time, the second doesn’t invalidate the first and it’s possible to use both (this thing confuses me a bit).
Then, I don’t understand if a token has to be user-specific, session-specific or global (for all the users for 24 hours). So it’s not clear to me where to store it and when check for expiration.