Most of the developers come across the issue of how to handle access token and refresh token renewal process. Here is an efficient way of handling these issues.
Access token lifetime is 3600s = 1 hour
Refresh token lifetime is 7 days(1 week)
There are 2 ways to handle the renewal process:
1. Renew access token and refresh token for every 1 hour. The expires_at time provides allows you to know when you need to refresh a token and regularly checking it will allow you to refresh it as and when required. Also, you should detect when any RingCentral API you are calling returns an HTTP Status Code 401 (Unauthorized).
You can refresh a token that is not expired. The previous access token will be immediately purged and a new access token will be returned. There will only ever be one active access token at a time for each instance. The only downside is the time it takes to issue those refresh commands, so we don't recommend refreshing tokens constantly as it will slow down your app.
2. If you cant change the app as mentioned above (for instance, if the app is stateless and you cannot store access/refresh tokens), you should pass refresh_token_ttl=0 parameter along with /oauth/token API so that refresh tokens are expired immediately after creation.
Access token lifetime is 3600s = 1 hour
Refresh token lifetime is 7 days(1 week)
There are 2 ways to handle the renewal process:
1. Renew access token and refresh token for every 1 hour. The expires_at time provides allows you to know when you need to refresh a token and regularly checking it will allow you to refresh it as and when required. Also, you should detect when any RingCentral API you are calling returns an HTTP Status Code 401 (Unauthorized).
You can refresh a token that is not expired. The previous access token will be immediately purged and a new access token will be returned. There will only ever be one active access token at a time for each instance. The only downside is the time it takes to issue those refresh commands, so we don't recommend refreshing tokens constantly as it will slow down your app.
2. If you cant change the app as mentioned above (for instance, if the app is stateless and you cannot store access/refresh tokens), you should pass refresh_token_ttl=0 parameter along with /oauth/token API so that refresh tokens are expired immediately after creation.
We provide the developers with SDKs for Javascript, PHP and python which will automatically handle reusing of tokens across instances. You can find the SDKs and documentations here: https://github.com/ringcentral .