Handling Partner access token

“Partner access token” is used as authentication for all communication with the Checkout 3.0 Backend API. This token should never be displayed to the user or sent to the frontend of the application. More information about obtaining access token can be found in this article: How to get started – Obtaining Partner access token.

When does the token expire

Partner access token follows the JSON Web Token (JWT) standard. You can read more about JWTs on the JWT.io (opens in a new tab).

There are two ways you can find the expiration DateTime of our token:

• Reading field tokenExpirationUtc after calling /api/partner/tokens with ClientID and ClientSecret (How to get started – Obtaining Partner access token)
• Decoding JWT using library of your choice and reading exp property of the token

Handling of the token

It’s recommended that the token is created and re-used during it’s life cycle. In order to do that, securely store the Partner access token after it’s creation (for example in memory) and use it when calling Checkout 3.0 Backend API. Use tokenExpirationUtc or exp to generate new token before the old one expires periodically or check the token expiration before calling Checkout 3.0 Backend API.

Re-using Partner access token between user sessions and for all communication with Avarda will improve performance and reduce user wait times between sessions.