Using session token auth

Hi all,

Happy New Year!
While I am updating some of my api code I was wondering if I should streamline some of it by utilising the session token of an initial connection (rather than authenticating with the same script key time and time again).

As an example, with a custom app that we use to publish new versions, there are several API calls throughout the process. First to get a bunch of data from SG to build the UI, then calls to create new versions, upload stuff, send notes etc.

I feel like I should be connecting with the script key only at the start (i.e. when the app opens), then use the returned session token for any subsequent calls (i.e. when the user hits the “publish” button).
I can’t find how long a session token is valid for though?!

I did some quick timing tests to compare connection speed using script keys vs session tokens and the former is only slower the first time I connect, after that it tends to be a tiny bit faster even, which I think is an optimisation that was built in a while back to make subsequent API calls more efficient (feels like it’s using a session token automatically already).

What is people’s insight/experience/advice here?


I posted a link in your other thread - read up on how OAuth works. The returned token also contains its expiration time (e.g. 3600 seconds), and you have a refresh token, which you can use to request a new access token after expiry.
Someone more knowledgeable should comment on how the script key mechanism works. There might be such an optimization as you mention.
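
The expiry-and-refresh flow described in the reply above, as an added example that is not part of the original thread or of any vendor's API. The `authenticate` and `refresh` callables are hypothetical stand-ins for the real HTTP requests, assumed to return the standard OAuth 2.0 token response fields (`access_token`, `expires_in`, optional `refresh_token`).

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Token:
    access_token: str
    refresh_token: Optional[str]
    expires_at: float  # absolute time computed from the server's expires_in


class TokenCache:
    """Authenticate once, reuse the access token, renew shortly before expiry.

    `authenticate` and `refresh` are hypothetical callables standing in for the
    real HTTP requests; each returns a dict with access_token, expires_in
    (seconds) and optionally refresh_token.
    """

    def __init__(self, authenticate: Callable[[], dict],
                 refresh: Callable[[str], dict],
                 skew: float = 60.0, clock: Callable[[], float] = time.monotonic):
        self._authenticate, self._refresh = authenticate, refresh
        self._skew, self._clock = skew, clock
        self._token: Optional[Token] = None

    def _store(self, resp: dict, old_refresh: Optional[str] = None) -> Token:
        # Keep the previous refresh token if the server did not rotate it.
        self._token = Token(resp["access_token"],
                            resp.get("refresh_token", old_refresh),
                            self._clock() + float(resp["expires_in"]))
        return self._token

    def get(self) -> str:
        tok = self._token
        if tok and self._clock() < tok.expires_at - self._skew:
            return tok.access_token           # still valid: no network call
        if tok and tok.refresh_token:
            try:                              # expired or close to it: refresh
                return self._store(self._refresh(tok.refresh_token),
                                   tok.refresh_token).access_token
            except Exception:
                pass                          # refresh token rejected or expired
        return self._store(self._authenticate()).access_token  # full login

    def invalidate(self) -> None:
        """Call after the server answers 401 so the next get() logs in again."""
        self._token = None
```

The `skew` margin renews the token a little early so a long publish step does not start with a token that expires mid-request, and the script key is only sent again when the refresh path fails.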

Thanks @mmoshev