...
Writing Your Own Code
When you write your code against the API, the process will be similar. You'll have to post to the authentication endpoint to get a token and then send it down in the X-Auth-Token header for ALL requests.
If your token has aged approximately 1 hour, the server will kick out a refresh token in the X-Auth-Token-Refreshed header. Our app just sniffs for the refresh token on each request, and if it finds one, it replaces the current one and starts sending the new one.
| Tip |
|---|
A Flex Api token lasts approximately 12 hours and then expires. You should cache the token somewhere safe and sniff for a new token on every request. Replace the existing token when you see a new one. If your you had a long period between requests and your token has expired, you'll get a 401 UNAUTHORIZED. You can detect that, and send a new /auth request to get a new token. |