Handling Partner access token
“Partner access token” is used as authentication for all communication with the Checkout 3.0 Backend API. This token should never be displayed to the user or sent to the frontend of the application. More information about obtaining access token can be found in this article: How to get started – Obtaining Partner access token.
When does the token expire
Partner access token follows the JSON Web Token (JWT) standard. You can read more about JWTs on the JWT.io (opens in a new tab).
There are two ways you can find the expiration DateTime of our token:
- Reading field
tokenExpirationUtc
after calling/api/partner/tokens
withClientID
andClientSecret
(How to get started – Obtaining Partner access token) - Decoding JWT using library of your choice and reading
exp
property of the token
Handling of the token
It’s recommended that the token is created and re-used during it’s life cycle. In order to do that, securely store the Partner access token after it’s creation (for example in memory) and use it when calling Checkout 3.0 Backend API. Use tokenExpirationUtc
or exp
to generate new token before the old one expires periodically or check the token expiration before calling Checkout 3.0 Backend API.
Re-using Partner access token between user sessions and for all communication with Avarda will improve performance and reduce user wait times between sessions.