How do I create an API token (“Creator’s Access Token”) that doesn’t expire? If the token expires it breaks my build, which is not acceptable. I need some way to reliably access the Patreon API without manual intervention at regular intervals to keep the token up-to-date. Is there some way to achieve this?
Unfortunately, there is currently not a way to have a forever-valid access token. However, you should be able to refresh your token by hitting the oauth token creation endpoint programmatically. Instructions for doing so are in the docs.
Thanks for your response, Jeffery, however that’s just not an acceptable solution because I cannot programmatically enter the token into my administration interface because it’s only accessible via the web. No other major service, such as GitHub, has expiring tokens because they do not improve security in any way.
That last part is critically important: if you can programmatically refresh your token this is exactly the same as having a non-expiring token, from a security standpoint. All you’re accomplishing is increased complexity for no added benefit.
Since it would be backwards-compatible to just remove the token expiry code I implore you to do this since I cannot update tokens automatically in my usage scenario.
You are absolutely correct - the reason creators token have expiry right now is because a creator’s token is “just another token” in our system.
We have plans on simplifying creator’s tokens but unfortunately we do not have a concrete time line yet for doing this. I understand the pain with the added complexity and I will attempt to address this with a hack soon.
I’ll keep you updated when we have something.
I’m not sure what the expiry period is exactly; it seems to be about two weeks. If you could address it within that timeframe that would be ideal because an expired token currently breaks my system. Either way, it’s good that you acknowledge the problem!
Just wanted to agree with Bilge, and add my name to those requesting this adjustment to creator’s tokens.
For now, I highly suggest you refresh the token whenever you get a
401 status code back.
Our token expiry is set to 30 days, so I’m not sure why you are getting half that amount.
I take it there won’t be a quick hack to fix this after all? That is a disappointment.
I promise you if it was easy we’d do it in a heartbeat.
OK, but I’m not fabricating that suggestion, that’s literally what you proposed in your first post. I was just following up on that point.
@Bilge sorry, let me rephrase.
What I meant is, that this isn’t a simple hack - I had to fix some things before I could fix that because of a lot of assumptions our code made.
I am happy to report that this is now going to be the norm - but only for newly made clients. I will try to make the change retroactive but that will obviously take more time.