Skip to main content

Best Practices for Ensuring Active API Connection

Updated this week

Corti’s API requires a valid OAuth 2.0 access token for every request. Since access tokens expire after 5 minutes, it’s important to ensure that your integration always uses an active token. This article highlights best practices for maintaining a seamless and secure API connection.


1️⃣ Automate Token Requests

Rather than manually requesting an access token, integrate the token request process into your system:

  • Request a new token before making API calls if no valid token exists.

  • Store the expires_in value (300 seconds) and the time the token was obtained so you can calculate when it will expire.

  • Ensure you have a buffer and trigger a request for a new token ahead of the stored expiration time.


2️⃣ Handle Expiration Gracefully

Even with proactive token management, it’s possible for a token to expire:

  • Monitor for 401 Unauthorized responses from the API.

  • When a 401 occurs, automatically request a new token and retry the API call.

This ensures minimal disruption for users or systems relying on your integration.


3️⃣ Avoid Hardcoding Tokens

Never hardcode access tokens into your codebase. Instead:

  • Dynamically fetch and store tokens at runtime.

  • Securely manage client credentials (e.g., in environment variables or a secrets manager).

This keeps your system secure and flexible.


4️⃣ Monitor and Log Token Usage

Implement logging around:

  • When tokens are requested

  • When tokens are used in API calls

  • When token renewal is triggered

This helps you detect unusual patterns, such as failure trends or unexpected expirations.


By following these best practices, you’ll minimize downtime and ensure smooth, secure communication with Corti’s API.

Did this answer your question?