# Get Token

# Token Mechanism

Tokens can be obtained upon Auth2.0 protocol. Each Access Token and Refresh Token has its timestamp.

# Get Access_token

For security reasons, the Access Token shall always be stored in the backend, and shall never be returned to front end, as all API access requests shall be initiated from backend.

Access Token must be obtained to create a login credential before calling API interface, as caller ID of other API interfaces will be authenticated with Access Token.

CJ-Access-Token: Get CJ-Access-Token

# Storage & Examination of Token

# Access Token

An Access Token which contains login information must be created before API can be called. Access Tokens are required before servers can be accessed. In general, the life of an Access Token is 15 days.

# Refresh Token

An Access Token can be refreshed with a Refresh Token. Access Tokens will be returned after Refresh Tokens are imported to the authentication server. In general, the life of a Refresh Token is 180 days.

Regular exmination on validity of Tokens is recommended: Examination of expiry date of each Token before use: if Access_Token is expired, Refresh_Token can be applied to refresh.

# Token Refresh

Get new Access Token and Refresh Token when expiry date of Access Token is near, and store new tokens as before. Delay queue is recommended when refreshing tokens.

# Reauthorization

If both Access Token and Refresh Token are expired, new tokens can be obtained via reauthorization.