Welcome to the new Box Support website. Check out all the details here on what’s changed.

Using multiple access tokens in one Box appliction for a unique "AccessTokenCacheKey"

Answered
New post

Comments

5 comments

  • Murtza

    The App User access token is valid for one hour, unless a new token is requested and used.

     

    If a new token is requested but not used, the old token is still valid (assuming it less than one hour old). If a new token is requested and used, the old token will be invalidated.

    0
    Comment actions Permalink
  • takepon

    Thanks for replying. As long as I checked, Box platform is possible to provide multiple access tokens for one AppUser.

     That is impossible in standard Box OAuth2 application which provides a pair of access token and refresh token. Once a refresh token is used, new access token is provided then the access token is used by app, old access token became expired.  However, even if I request new access token for the AppUser for whom I already requested an access token, these two access tokens are active and I was able to use both. So, it is possible to have multiple access tokens concurrently for one AppUser in Box Platform.

     So, I had the question to have multiple access tokens for one AppUser and if there is any benefit to do it.

    0
    Comment actions Permalink
  • Murtza

    My earlier reply was incorrect. Sorry for the confusion!

     

    The results you are seeing is the expected behavior. Here are some notes about the App User access token from our PM team:

    • You can generate as many App User access tokens as needed.
    • Each token is independent and has its own expiration of 60 minutes.
    • This lets you have different tokens for different clients.

     

    0
    Comment actions Permalink
  • takepon

    Thanks!  It looks multiple access tokens generated are intended to be used in different clients. So I may not need to cache multiple access tokens for one AppUser on one client, but it is enough to use one access token.

    0
    Comment actions Permalink
  • adoprog

    >Each token is independent and has its own expiration of 60 minutes.

    Is this flow valid for standard users access tokens as well? Or are they invalidated when the new one is used? 

    I've seen multiple opposite explanations on forums, but no official docs about it.

    0
    Comment actions Permalink

Please sign in to leave a comment.