ESI Character Authentication Expiration

I have a question about the new ESI API as I’m working on my app.

When a person authenticates a character to an app, how long is that authentication good for until it expires and they have to re-authenticate?

In the XML API, we are able to create API keys that with no expiration, so I’m just curious if the ESI will have or does have the same.

A token expires in 20min.

A refresh token lasts indefinitely and can be used to get a new token. The user can revoke a refresh token whenever they want.

Thanks for the input, I must have missed that in the 3rd Party Documentation previously.

Would you also happen to know if the refresh token stays the same throughout or does it get updated as well each time its used?

Basically, if I were to store the refresh token in a database, would it have to get updated every time the access token is updated?

It’ll stay the same as long as the scopes associated with it remain the same. So you would only have to update it in the database if the user changes the scopes authorized with your site. Such as removing or adding a new scope.

Got it, I was figuring that if they want to make changes, I would have them delete the particular scopes for that character and then re-add. Seems to be the easier way to do it at least.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.