...
In order to call every POS-API Method an Access Token is required. By Default the Access Token is valid for 20 minutes. To get a valid Access Token a call must be made to the POST /oauth/token method endpoint.
Keeping an Access Token Valid
| Info |
|---|
In order to always have a valid access token, the API Model Class should implement the refresh token functionality. |
Client Credential vs Refresh Token
Both must be sent as the value of the grant_type parameter:
...
| Info |
|---|
See POST /oauth/token for more information |
Has the Access Token Expired?
Flexiti recommends the Merchant website to have a isAccessTokenExpired function. Additionally it should have a constant called FLX_EXPIRATION_TIME_THRESHOLD. The FLX_EXPIRATION_TIME_THRESHOLD will be used to control the expiration time of an access_token.
...
The expiration_time should be stored in session along with the access_token and a accessTokenCreatedTime for it.
The logic condition should be:
(nowInSeconds - accessTokenCreatedTime >= accessTokenExpirationTime – FLX_EXPIRATION_TIME_THRESHOLD)
...
This will ensure that we can make use of the refresh token call when it's necessary, and in the case of an apply or a purchase the new access_token will be refreshed in order to give the user enough time to complete the entire flow.
Example PHP Code
Below you can see suggested code on how to handle the token and expiration.
...