Storing an API token in a database?

M

Mikkkch2020-12-01 12:12:02

API

Mikkkch, 2020-12-01 12:12:02

Hello, I have implemented such a system that after logging in, a token is generated for the user through his name, secret key and algorithm, which is installed in sessions with the Authorization key. After that, the user is redirected to the main page, on which his API token is located, through which he will be able to make API requests from the web version and from some other place like Postman.

Is there a need to store the API token in the database? This token has a lifetime and after it expires, the user will have to open the cookie session again (log in using the web form), go to the main page and renew the token for further use.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Korotenko, 2020-12-01
@firedragon

Refresh the token and let the client refresh it. In the case of a single client and server, it is generally not necessary to store it, the server itself will calculate that the token is rotten and will send a new one. There are a lot of guides on the net.