0

I am using an API (https://developers.gfycat.com/api/) that uses the typical OAuth flow to grant developers access to API requests. I am able to successfully simulate the entire process of getting an access token and using it in an API request by manually plugging in the values throughout my code. Now that I have all the moving parts successfully working, I am trying to put all the pieces together and have some questions:

A successful request for the API access token looks like this:

{"token_type":"bearer","scope":"","expires_in":3600,"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NDM5NTIzOTEsImlzcyI6IjJfWldiaktHIiwicm9sZXMiOlsiQ29udGVudF9SZWFkZXIiXX0.SFdMGS8J_KP7pM2H33eu3l6ip2-8PkVHM4VTZzxTWyw"}

  1. Is it best to retrieve the access token once at app launch, then store the access token somewhere, and then every time I try making an API request ensure that I catch any "access token expired" errors before attempting to retrieve an access token? Or is it acceptable to simply make a request for the access_token each and every time I make an API request, even if it's very frequently?

  2. Where in my app do I store the access_token field if I decide to go that route?

Isaac Perez
  • 570
  • 2
  • 15
  • 31

1 Answers1

0
  1. create a column in table of database to save the token,but it's kinda annoying because every time when you need to update your token , you have to write to databases again.
  2. you can search "Redis", I think it can help you more suitable to save the token
Shawn Plus
  • 457
  • 1
  • 6
  • 15
  • I wouldn't bother with either of those solutions. If you don't need anything more secure (which I don't know what that would be for storing on device) just use SharedPreferences. It's much simpler for key-value pairs. – nasch Dec 04 '18 at 22:26