Refresh tokens cost

Hello team,

I would like to understand if there is an additional cost for refresh tokens (to extend the access token expiration).

Please advise.

Thanks
Savio

The cost for authentication flows with user involvement (as opposed to M2M / Machine to Machine) is based on MAU = Monthly Active Users, regardless of how often they authenticate per month. Therefore, it doesn’t matter how often in a month a refresh token is used to retrieve a new access token for that particular user.

That said, with M2M (no user involvement), which follows the Client Credentials Flow, the number of issued tokens matters. However, since you mention “refresh token”, I assume you’re referring to authentication with user involvement.

Thank you @mathiasconradt

Regarding best practices, can you please advise on the recommended JWT token lifetime for both
a) authentication flows with user involvement and
b) M2M (Machine to Machine).

Additionally, what are the things to be taken into consideration when determining the appropriate JWT token lifetime?

  1. For instance, would the type of transacted data classification be one of the criteria? For example, if the transacted data is classified as “PROTECTED”, then the JWT token lifetime would be recommended to be shorter than for “SENSITIVE” and/or “OFFICIAL” classified data.
  2. Additionally, would it also depend on whether it only involves read operations on the data (as opposed to CREATE, UPDATE and DELETE operations)?
  3. Also, would it depend on whether the data is transacted from a partner organization (client application) invoking an externally hosted API (secured with M2M), as opposed to a client application deployed within the organization invoking an internally hosted API (secured with M2M)?

In other words, I am seeking to understand best practices and considerations so that I can effectively cost for internal-to-internal M2M flows, as opposed to external-to-internal M2M flows. I also need to ensure it is cost-effective, so any thoughts/suggestions/recommendations are welcome.

Please advise.

Thanks.
Savio