brokenoval avatar image
brokenoval asked sam Deactivated commented

What are the rules around access_tokens and expiry?

There's a couple of answers that explain that access_tokens expire after a year. And there is another question which indicates that tokens can be black listed individually if suspicious activity is detected.

I have been playing around with our merchant, specifically with push notifications, and I've found a couple of times today that tokens have expired within about an hour. I'm wondering are there any other rules that could be invalidating tokens that haven't been documented yet?


  1. What corresponds to "suspicious activity"? (burst rates etc) see:
  2. Is there a limit on the number of tokens that can be live for a merchant?
  3. Token's are merchant specific and app specific. Are they app version specific?


  1. We've noticed tokens expiring every day for us - if you uninstall and reinstall an app - will the old token still be valid, or is it unset by an uninstall?
  2. Is there a process for requesting rate limits on a case by case basis?
  3. What effect do permissions and modules have on the access_tokens


10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

sam avatar image
sam Deactivated answered sam Deactivated commented
  1. In order to provide a high quality experience to everyone, we have set the API rate limit to 64 requests per second per token. While there isn't a set rule on 'suspicious activity', we monitor our server loads for unusual spikes and high volumes.

  2. There is no limit on number of tokens

  3. App version should not affect the validity of the auth token.

I hope this answers your questions.



10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks @Sam - a couple of follow on questions. That link you posted says that the limit has been reduced to 16 calls per second - is that where it stands currently?

I've added a couple of follow on questions in an edit if you wouldn't mind expanding a little.

0 Likes 0 ·

Thanks Sam - yes, that's very helpful. If you can find info about the batch time that would be great

0 Likes 0 ·

Welcome to the
Clover Developer Community