Community
Showing results for 
Search instead for 
Do you mean 
Reply

Bearer Token lifetime / expiry

Accepted Solution Solved
Copper Contributor
Posts: 18
Country: Germany
Accepted Solution

Bearer Token lifetime / expiry

Hi,

 

Can someone tell me, how long a bearer token is valid?

Reading through RFC6750, there's an example:

"expires_in":3600,

Does the Act! (WebAPI) admin set this, is this the default? Which number das Act! use?

 

We testing against 2 different installations of Act! on two separate machines, and they behave rather differently. While one works fine with bearers nearing 30 minutes long, the other has just today given me major grief with a 7 minute old key. I know for a fact that we didn't change any settings in regards to bearer expiry.

 

Most grateful for any help.


Accepted Solutions
Solution
Accepted by topic author Thomas_Benn-MS
3 weeks ago
Administrator
Posts: 955
Country: United_Kingdom

Re: Bearer Token lifetime / expiry

I've asked a few questions and looked into this on your behalf - the bearer token expiry duration is set in the Act Web API web.config file (<ActInstallDirectory>/ACT/Act.Web.API/web.config) for APFW and the web API.

If you're using Premium with the Hosted API service, the setting is configured in the act.web.api.hosting.exe.config file in "<ActInstallDirectory>/ACT/Act.Web.API/bin/"

The setting is called AuthTimeoutInMinutes - the default value is 65 minutes, though resetting or interrupting the application pool, or restarting the windows service can premeturely invalidate a token.

Hope this helps!

View solution in original post


All Replies
Administrator
Posts: 955
Country: United_Kingdom

Re: Bearer Token lifetime / expiry

Hi Thomas,

What version of the WebAPI is running in these cases?
Solution
Accepted by topic author Thomas_Benn-MS
3 weeks ago
Administrator
Posts: 955
Country: United_Kingdom

Re: Bearer Token lifetime / expiry

I've asked a few questions and looked into this on your behalf - the bearer token expiry duration is set in the Act Web API web.config file (<ActInstallDirectory>/ACT/Act.Web.API/web.config) for APFW and the web API.

If you're using Premium with the Hosted API service, the setting is configured in the act.web.api.hosting.exe.config file in "<ActInstallDirectory>/ACT/Act.Web.API/bin/"

The setting is called AuthTimeoutInMinutes - the default value is 65 minutes, though resetting or interrupting the application pool, or restarting the windows service can premeturely invalidate a token.

Hope this helps!
Copper Contributor
Posts: 18
Country: Germany

Re: Bearer Token lifetime / expiry

One of them was 1.0.236.0
the other 1.0.248.0
Copper Contributor
Posts: 18
Country: Germany

Re: Bearer Token lifetime / expiry

That's what I was looking for, thank you.