Marketo API Token best practices?

Question

Hi everyone,I'm building our connection to the API as we're just rolling out Marketo. I had a question about how to handle the token validation. Is the best practice to:- hit the identity endpoint and check for a valid token each time?- hit the identity endpoint, save when I hit it into a variable, and check if it's been an hour before every call?- just look for a 601/602 error and if one gets returned, get a new token and try again?Also, is the validity of the token only checked when my request comes in? As in, if I send a request with 1 second left and it takes 2 seconds, will my request complete successfully? Thanks!

SanfordWhiteman · Accepted Answer

hit the identity endpoint, save when I hit it into a variable, and check if it's been an hour before every call?
just look for a 601/602 error and if one gets returned, get a new token and try again?

A hybrid of these 2.

Definitely do not get a preemptively new token every time -- not only is this crazy overhead, it won't even work because you'll still have a race condition.

Cache the token optimistically and store the approximate age with it. But don't forcibly fetch a new token until it's at least 61 full minutes old. Trying to guess around the exact 60m mark is hopeless -- if it's under 61m, just send the request with the cached token, check for the error, and get a new token then if necessary.

Also, is the validity of the token only checked when my request comes in? As in, if I send a request with 1 second left and it takes 2 seconds, will my request complete successfully?

Yes, it's checked at the outset & the request won't error out in the middle of execution.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded