Token management

1

What product/components do you use and which version/fix level?

webMethods 10.5.

Are you using a free trial or a product with a customer license?

product with a customer license.

What are trying to achieve? Please describe in detail.

Hello,
I would like to have your recommendations for a scenario:
I have a WS REST service with an input parameter (token) in a properties file. This token expires every day and I would have to renew it by calling another WS REST which generates a new token.

My question: What is the optimal solution for this case? are there solutions to store/modify/call the token?

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed latest fixes for the products

2

When dealing with tokens please note that there are many things to consider some of which you have already mentioned

  1. Refreshing the token - you can create a scheduled task to fetch the token, maybe use service caching ?
  2. Where do you want to store it- you have mentioned that it is a properties file- you may need to consider the security risks here.
  3. How can you pass it to a service - Global variables , read files?
  4. What happens if the token has actually expired/ is an invalid token? - would you regenerate the token?

A good discussion on a similar topic of storing /refreshing tokens is at Integration Server handling JWT third party (consumer service) - Forum - webMethods - Software AG Tech Community & Forums

That being said, the ultimate decision would depend on your requirements. Looking forward for an interesting discussion on this.

-NP

3

The technique we use, for an automated process that has no user waiting, is to simply make a call to get a token via the API every time we need one. For a given thread of execution, we do so just once. But beyond that, we “get token” every time. Easier and sufficient so that we don’t need to address storing the token nor worry about it expiring, managing/flushing cache, etc.

Perhaps a similar approach would work okay in your situation.

2 Likes
4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.