
My situation is that I have up to four receptionists calling patients, each with their own extension. I have built a "dialer" function (using the Password Flow -> Ringout API calls) into my contact management system. I understand that there is a limit of 5 non-expired tokens per extension.

This whole max token 5, token expire -> refresh token -> refresh token expire seems super complicated. I'll need to hire a team of expert hackers just to "hack in" to my own account. I was hoping to simplify things a tad, by doing this:

1) Obtain a token, store the expiry time in a "per extension" scope variable (minus 5 seconds just to ensure I am "within bounds"). In the request, set the 'refresh_token_ttl=0' because I don't want to be using refresh tokens at all. I think they are unnecessary.

2) Keep using the existing token up until expire time

3) After token expire time, obtain a new token, like I did in step 1 above.

Is there anything wrong with this approach? Or MUST I use refresh tokens?



Not sure why you mentioned the max 5 tokens when it's not the issue you are facing. As you said, each user has their own extension.

Since you are using the password flow authentication, it's up to you whether to use the refresh token to get a new access token or to re-login when the access token is expired. It makes more sense to use the refresh token if your app uses 3-legged authentication, because your user will not need to log in every hour after the access token expires.


I forgot about the other auth methods. Ya, that makes sense now. Thanks.


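The approach from the question (one cached access token per extension, reused until five seconds before expiry, then a fresh login), as an added example that is not part of the original thread. `ExtensionTokenCache`, `login` and `invalidate` are hypothetical names; `login` stands in for the password-flow token request and is assumed to return `access_token` and `expires_in`.

```python
import threading
import time

EXPIRY_SKEW = 5  # seconds subtracted from expires_in, as in step 1


class ExtensionTokenCache:
    """Caches one access token per extension and logs in again after expiry."""

    def __init__(self, login, clock=time.monotonic):
        # login(extension) -> dict with "access_token" and "expires_in".
        # Hypothetical callable wrapping the password-flow token request,
        # sent with refresh_token_ttl=0 so no refresh token has to be stored.
        self._login = login
        self._clock = clock
        self._tokens = {}  # extension -> (access_token, deadline)
        # One lock around lookup and login: concurrent dial requests for the
        # same extension cannot each mint a token and eat into the 5-token limit.
        self._lock = threading.Lock()

    def get(self, extension):
        with self._lock:
            cached = self._tokens.get(extension)
            if cached and self._clock() < cached[1]:
                return cached[0]  # step 2: keep using the existing token
            resp = self._login(extension)  # steps 1 and 3: obtain a new token
            token = resp["access_token"]
            ttl = int(resp["expires_in"]) - EXPIRY_SKEW
            if ttl > 0:  # a token shorter-lived than the skew is never cached
                self._tokens[extension] = (token, self._clock() + ttl)
            return token

    def invalidate(self, extension):
        """Forget a token the server rejected, so the next get() logs in again."""
        with self._lock:
            self._tokens.pop(extension, None)
```

Call `invalidate()` when an API call comes back unauthorized despite the local deadline, for example after a password change or a server-side revocation.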