With regards the device API.
Is there any way to create a client token that has no expiry? Currently it is set to 48hrs
The token should have an expiry. May I know the reason for using a client token that has no expiry?
If the API is implemented as per oauth2 standard the access token is short lived for security purposes.
You would use a refresh token to refresh an expired access token. (Which is a POST request to token endpoint using refresh_token grant type).
Refresh tokens typically are long lived. I think Peplink sets it at 30 days.
1 Like