API Token Expiry
Author Message
Shaun Barlow

Posted: Jan 24, 2010
Score: 0 Reference
Hi,

I am busy experimenting with the Toodledo API in preparation for trying to make an app for Symbian S60 phones (will be testing using my E71).

I am trying to find out what the message looks like when you try to use an expired token, so that my app can detect it and get a new token when it needs one.

According to the API documentation, the token should expire after 4 hours, but I have been using a token for about 5 hours now and it is still giving me access to my account's data.

Has the token expiry time been increased from 4 hours?

Also if somebody already knows what message you get when trying to use an expired token, I'd appreciate it if you could share it :)
Jake

Toodledo Founder
Posted: Jan 24, 2010
Score: 0 Reference
It takes 4 hours of inactivity. Each time you successfully authenticate, it refreshes the key for another 4 hours. If you don't do anything for 4 hours, it will expire.
demo

Posted: Jan 27, 2010
Score: 0 Reference
One issue I noticed, don't know if you care to address it. If I was using the API, and I had a legit token. I then changed my password, and continued using my token. So in theory, if your account is "compromised", they could keep using the token indefinitely, even if you change the password.

Is there any way to force all tokens to expire?
Jake

Toodledo Founder
Posted: Jan 28, 2010
Score: 0 Reference
Yes, if you change the unique id number in your account settings, then it will cause all tokens to be invalid.
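
The token lifecycle described in this thread, as an added example that is not part of the original posts and not Toodledo's code. `TokenStore` and all of its method names are hypothetical, and it assumes any successful token use counts as the activity that restarts the 4-hour idle clock.

```python
import hashlib, hmac, os, secrets

IDLE_TTL = 4 * 60 * 60  # seconds: the 4 hours of inactivity from the thread

class TokenStore:
    """Hypothetical server-side model of the behaviour discussed above."""
    def __init__(self):
        self.accounts = {}  # user -> {"salt", "pw", "uid"}
        self.tokens = {}    # token -> {"user", "uid", "last_used"}

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_account(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "pw": self._kdf(password, salt),
                               "uid": secrets.token_hex(8)}

    def issue(self, user, password, now):
        acct = self.accounts[user]
        if not hmac.compare_digest(acct["pw"], self._kdf(password, acct["salt"])):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        # Bind the token to the unique id that was current when it was issued
        self.tokens[token] = {"user": user, "uid": acct["uid"], "last_used": now}
        return token

    def check(self, token, now):
        rec = self.tokens.get(token)
        if rec is None:
            return False
        stale = now - rec["last_used"] > IDLE_TTL
        revoked = rec["uid"] != self.accounts[rec["user"]]["uid"]
        if stale or revoked:
            del self.tokens[token]  # an expired or revoked token never comes back
            return False
        rec["last_used"] = now      # sliding window: a valid use restarts the clock
        return True

    def change_password(self, user, new_password):
        # As reported in the thread: a password change leaves tokens untouched
        acct = self.accounts[user]
        acct["pw"] = self._kdf(new_password, acct["salt"])

    def rotate_unique_id(self, user):
        # As in the founder's answer: a new unique id invalidates every token
        self.accounts[user]["uid"] = secrets.token_hex(8)
```

In this model, a password change that should also end existing sessions has to call `rotate_unique_id` as well.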