Corti’s API requires a valid OAuth 2.0 access token for every request. Since access tokens expire after 5 minutes, it’s important to ensure that your integration always uses an active token. This article highlights best practices for maintaining a seamless and secure API connection.
1️⃣ Automate Token Requests
Rather than manually requesting an access token, integrate the token request process into your system:
Request a new token before making API calls if no valid token exists.
Store the
expires_in
value (300 seconds) and the time the token was obtained so you can calculate when it will expire.Ensure you have a buffer and trigger a request for a new token ahead of the stored expiration time.
2️⃣ Handle Expiration Gracefully
Even with proactive token management, it’s possible for a token to expire:
Monitor for
401 Unauthorized
responses from the API.When a
401
occurs, automatically request a new token and retry the API call.
This ensures minimal disruption for users or systems relying on your integration.
3️⃣ Avoid Hardcoding Tokens
Never hardcode access tokens into your codebase. Instead:
Dynamically fetch and store tokens at runtime.
Securely manage client credentials (e.g., in environment variables or a secrets manager).
This keeps your system secure and flexible.
4️⃣ Monitor and Log Token Usage
Implement logging around:
When tokens are requested
When tokens are used in API calls
When token renewal is triggered
This helps you detect unusual patterns, such as failure trends or unexpected expirations.
By following these best practices, you’ll minimize downtime and ensure smooth, secure communication with Corti’s API.