Question: Are there any limitations on the number of bearer tokens that a customer can enable or request?
Answer: Please find the detailed information below:
- While there isn’t a strict internal limit, the tokens are created manually and are designed to align with the applications that the client develops and maintains. Typically, only a small number of tokens should be necessary.
- Each additional token increases the risk of potential data leaks, so from a security perspective, it’s not advisable to maintain a large number of tokens
- For instance, scaling from one token to three is generally manageable. However, issuing tokens for every individual user would introduce significant challenges and is not recommended.
- Additionally, a bearer token remains valid as long as it is actively used within a 30-day period. If the token remains inactive for 30 days, it is automatically invalidated and discarded. In such cases, the user must request a new bearer token.
This approach ensures both usability and security while maintaining system integrity.