Application Access Token

Modified on Thu, 14 Sep 2023 at 03:16 PM


TABLE OF CONTENTS



Getting your application access token


Nexar uses the OAuth 2 for API access. This requires applications to obtain an access token included in all requests to the Nexar API.

Real applications should follow the appropriate OAuth 2 flow to automatically obtain new access tokens as needed. 

Access tokens live for 24 hours, after which the API will reject them 

To manually get an access token:

  1. Sign in to the portal.
  2. Select "Apps" on the navigation menu to the left.
  3. Navigate to the "Authorization" tab at the top.
  4. Click on the blue "Generate token" button. An access token will then be generated, which you can copy with the button on right-hand side of the token. This can then be used to access the API.



Please see this other article for further information on authorization in the Nexar API. This article covers fetching tokens in an IDE or programmatically.



Invalid Token


If your token is invalid, you will get a GraphQL response like the following:

{
  "errors": [
    {
      "message": "Token validation failed. Please provide a valid access token.",
      "locations": "...",
      "path": "...",
      "extensions": {
        "code": "AuthInvalidToken",
        "remote": "...",
        "schemaName": "..."
      }
    }
  ],
  "extensions": {
    "requestId": "..."
  }
}


If the token has expired, the AuthExpiredToken error code is returned, and your application should request a new access token. 


If the token is missing or invalid, the AuthInvalidToken error code is returned, which may mean your application uses the token incorrectly.


Rate Limit on Generating Access Token


The frequency with which new access tokens can be requested is restricted to protect our identity server.

Please ensure you do not request tokens more frequently than any of our limits:

  • 2 tokens every second

  • 200 tokens every 15 minutes

  • 3,000 tokens every 12 hours

  • 40,000 every week

Access tokens are valid for 24 hours, and we ask that applications cache their tokens for this period.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article