Permanent Access Token

Issue No. 151





Reported By

Charly Bernard






6/Nov/13 10:01 AM EST


Sign in to track this issue


IS there a way to have a permanent access token ? Every 3 days I've to renew it and I guess that the renew date written below my access token is false. Thank you for your support and your amazing API


1. Erik Berg 7/Nov/2013 at 3:32 AM EST

The access token lasts for exactly seven days. You can sign in at any time and generate a new access token that lasts seven days from the moment you click "Renew Access Token". It was implemented this way to discourage iOS and Android developers from distributing their access token inside their apps and to limit the exposure from javascript-only websites where the access token is pasted in the public source code. This API attracts some developers who are just starting out and may be unaware that their actions can have a negative impact on the stability of the servers. That said, I do understand it is an inconvenience to change the access token each week and adding options for longer lasting tokens is on the TODO list.

2. Matt Vague 24/Aug/2015 at 5:07 PM EDT

Hey Erik, any progress on permanent access tokens?

3. Erik Berg 24/Aug/2015 at 6:02 PM EDT

No changes at this time. The token expiration is one month, which is more reasonable than one week. Earlier comment still applies about new developers, plus I think others will only take the security of the access token seriously if they were being charged for it. For example, when I find someone's access token posted in public github repos.

4. Ian Feather 29/Aug/2018 at 4:33 PM EDT

Hey Erik, is there any chance that you would consider adding an endpoint to programmatically renew a token?