Token management

RCA · March 8, 2022, 1:53pm

What product/components do you use and which version/fix level?

webMethods 10.5.

Are you using a free trial or a product with a customer license?

product with a customer license.

What are trying to achieve? Please describe in detail.

Hello,
I would like to have your recommendations for a scenario:
I have a WS REST service with an input parameter (token) in a properties file. This token expires every day and I would have to renew it by calling another WS REST which generates a new token.

My question: What is the optimal solution for this case? are there solutions to store/modify/call the token?

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed latest fixes for the products

Nagendra_Prasad · March 8, 2022, 3:51pm

When dealing with tokens please note that there are many things to consider some of which you have already mentioned

Refreshing the token - you can create a scheduled task to fetch the token, maybe use service caching ?
Where do you want to store it- you have mentioned that it is a properties file- you may need to consider the security risks here.
How can you pass it to a service - Global variables , read files?
What happens if the token has actually expired/ is an invalid token? - would you regenerate the token?

A good discussion on a similar topic of storing /refreshing tokens is at Integration Server handling JWT third party (consumer service) - Forum - webMethods - Software AG Tech Community & Forums

That being said, the ultimate decision would depend on your requirements. Looking forward for an interesting discussion on this.

-NP

reamon · March 8, 2022, 9:23pm

The technique we use, for an automated process that has no user waiting, is to simply make a call to get a token via the API every time we need one. For a given thread of execution, we do so just once. But beyond that, we “get token” every time. Easier and sufficient so that we don’t need to address storing the token nor worry about it expiring, managing/flushing cache, etc.

Perhaps a similar approach would work okay in your situation.

system · June 6, 2022, 9:23pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Integration Server handling JWT third party (consumer service) webMethods , Service-Designer , Integration-Server-and-ESB , Flow-and-Java-services	8	1893	February 5, 2024
Flow service to set service cache expiry? webMethods , Integration-Server-and-ESB , Flow-and-Java-services	17	2259	May 26, 2021
Storage of token in webmethods.io webMethods , webMethods-io-Integration , webMethods-cloud	15	642	July 20, 2024
Bearer Token Interpretation/Inspection webMethods , Service-Designer , Integration-Server-and-ESB	12	1443	January 7, 2024
Global variable - assign value from a flow service webMethods , webMethods-General , Integration-Server-and-ESB	10	4830	April 2, 2021