Access to the API is secured through authentication tokens (as well as the use of HTTPS as a communication protocol).
A session must be initiated, and authentication is required to establish a new session.
- Token Expiration and Re-authentication:
- Tokens expire after 15 minutes.
- If a non-login request (e.g., create a card) responds with a 401 (Unauthorized) code, you must handle re-authentication.
- Token Characteristics:
- Tokens are provided as strings.
- It would be best not to attempt to interpret or order tokens based on their structure.
- The token structure may change; the only guarantee is that tokens are unique and in string format.
- Token Length:
- Tokens can be very long, up to 4K in size.
- It would be best not to make assumptions about the token's length.
- Token Security:
- Tokens are sensitive information and must be kept secure.
- Tokens should never be stored on disk to avoid unnecessary security risks, as new tokens can be requested anytime.