question

brokenoval avatar image
brokenoval asked sam Deactivated commented

What are the rules around access_tokens and expiry?

There's a couple of answers that explain that access_tokens expire after a year. And there is another question which indicates that tokens can be black listed individually if suspicious activity is detected.

I have been playing around with our merchant, specifically with push notifications, and I've found a couple of times today that tokens have expired within about an hour. I'm wondering are there any other rules that could be invalidating tokens that haven't been documented yet?

Specifically:

  1. What corresponds to "suspicious activity"? (burst rates etc) see: https://devask.clover.com/question/42...
  2. Is there a limit on the number of tokens that can be live for a merchant?
  3. Token's are merchant specific and app specific. Are they app version specific?

EDIT:

  1. We've noticed tokens expiring every day for us - if you uninstall and reinstall an app - will the old token still be valid, or is it unset by an uninstall?
  2. Is there a process for requesting rate limits on a case by case basis?
  3. What effect do permissions and modules have on the access_tokens

Thanks!

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

sam avatar image
sam Deactivated answered sam Deactivated commented

  1. In order to provide a high quality experience to everyone, we have set the API rate limit to 64 requests per second per token. While there isn't a set rule on 'suspicious activity', we monitor our server loads for unusual spikes and high volumes. https://docs.clover.com/announcements...

  2. There is no limit on number of tokens

  3. App version should not affect the validity of the auth token.

I hope this answers your questions.

Best,

Sam

3 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brokenoval avatar image brokenoval commented ·

Thanks @Sam - a couple of follow on questions. That link you posted says that the limit has been reduced to 16 calls per second - is that where it stands currently?

I've added a couple of follow on questions in an edit if you wouldn't mind expanding a little.

0 Likes 0 ·
sam avatar image sam commented ·
0 Likes 0 ·
brokenoval avatar image brokenoval commented ·

Thanks Sam - yes, that's very helpful. If you can find info about the batch time that would be great

0 Likes 0 ·

Welcome to the
Clover Developer Community