Additional Considerations
  • 21 Feb 2025
  • 1 minute read

Because the API Protection APIs are stateless, there is no record kept on whether a token has already been verified. At the very least, a shorter challenge timeout can safeguard against indefinite token reuse. You might also want to consider caching response tokens on the server and rejecting duplicate responses.

Another aspect to keep in mind is how to manage multiple versions of the app and shared secret. If you release a new app version with a new secret configuration, the back end needs to differentiate between requests using an older secret versus the newer one. For REST APIs, you might want to include a version number in the HTTP header that the server can parse out. For example: X-Response: v=1, <token>.
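The two points above, a server-side replay cache with a timeout and a versioned X-Response header that selects the matching secret, worked through as an added example; this is illustrative back-end code, not the product's own SDK. The secret values and the `verify_token` callback are assumptions, since the page does not describe the token format or how it is validated.

```python
import re
import time
from collections import OrderedDict

# Constructed example: one secret per released app version (placeholder values).
SECRETS = {1: "old-secret-placeholder", 2: "new-secret-placeholder"}
CHALLENGE_TIMEOUT_S = 300  # assumed challenge timeout; tokens older than this are useless anyway


def parse_response_header(value):
    """Parse 'X-Response: v=1, <token>' into (version, token); None if malformed."""
    m = re.fullmatch(r"\s*v=(\d+)\s*,\s*(\S+)\s*", value or "")
    if not m:
        return None
    return int(m.group(1)), m.group(2)


class ReplayCache:
    """Remembers tokens already accepted so a second presentation is rejected."""

    def __init__(self, ttl):
        self.ttl = ttl
        self._seen = OrderedDict()  # token -> time first accepted (insertion order)

    def _evict(self, now):
        # Entries are inserted in time order, so stop at the first unexpired one.
        while self._seen:
            token, first_seen = next(iter(self._seen.items()))
            if now - first_seen < self.ttl:
                break
            self._seen.popitem(last=False)

    def check_and_record(self, token, now=None):
        now = time.time() if now is None else now
        self._evict(now)
        if token in self._seen:
            return False  # duplicate within the window: replay
        self._seen[token] = now
        return True


def verify_request(header_value, cache, verify_token, now=None):
    """Return 'ok' or the reason the request is rejected.
    verify_token(token, secret) stands in for the vendor's verification call."""
    parsed = parse_response_header(header_value)
    if parsed is None:
        return "malformed"
    version, token = parsed
    secret = SECRETS.get(version)
    if secret is None:
        return "unknown_version"  # secret rotated out or never issued
    if not verify_token(token, secret):
        return "invalid"
    if not cache.check_and_record(token, now):
        return "replay"
    return "ok"
```

Keep the cache TTL at least as long as the challenge timeout: once a token ages out of the cache it can no longer be caught as a duplicate, so the timeout enforced by token verification must already reject it by then.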