I would like to ask you a question about when the Web Messenger token is renewed.
We understand that when a token expires, the token is automatically renewed.
I believe the following limits apply when renewing the token:
exchange.token.rate.per.minute
refresh.token.rate.per.minute
revoke.token.rate.per.minute
We want to know when it counts after we deploy the web messenger and if there is a possibility that the limit will be reached.
For example, if more than 300 end users use Web Messenger at the same time, we think we will reach the limit.
How many hours does the Web Messenger token used by the end user expire?
What operations are performed by the end user to be counted?
Where will we be notified if the limit is reached?
Each limit applies to different endpoints.
exchange.token.rate.per.minute relates to api/v2/webdeployments/token/oauthcodegrantjwtexchange
refresh.token.rate.per.minute relates to api/v2/webdeployments/token/refresh
revoke.token.rate.per.minute relates to api/v2/webdeployments/token/revoke
When a token is issued, it cannot exceed 15 minutes. If a refresh token is sent along, it will last for 24 hours.
Once a token is retrieved and used to login into Webmesssaging, your session will last as long as your refresh token is valid. No need to refresh your token again (until you need to perform an action against APIs requiring such mechanism).
You'll need a valid token to logout.
If rate limit is reached, Api response will contain Http code 429. This is true for all Public Api requests.
Just wait a bit and retry.
Sorry for the late reply. Thank you for your answer.
Sorry to trouble you, but let me ask you an additional question.
Will it only be counted if the API is explicitly used by the user or app, and will it be checked if the limit has been reached?
Is it correct to understand that if we only use the regular web messenger, this API will not be used and the limit will not be reached?
sorry. I'm not good at English, so I may not be able to explain it well.
Yes, rate limit will always be checked (per organization) when invoking listed endpoints.
WebMessenger does use this Api for authentication and makes no exception.
Thank you for your answer.
Does WebMessanger authentication mean if I enable the "Authentication" toggle in the "Apps" tab of "Admin/Message/Messenger Configurations"?
