We have a problem with APIs and even with a develop support ticket we got an answer.
Problem: APIs first need an authorization code. Once obtained, we can request tokens to be used for API access.
The token lasts 24 hours and can be regenerated as long as the last token is used and the associated refresh token is always sent.
We need to operate on our account and not on that of other people on the platform. We cannot enter a chrome job to hope to always keep this token alive.
The question: is it possible to trade using a non-expiring token? Or, using the Xmlrpc API you can operate without a token that has the prior authorization of your own account … maybe authorizing it only once and not every 24 hours. Otherwise everything becomes unusable by ecommerce obviously.
So the tl;dr; is yes but consider the following:
If you have a website that you run then you could have a cron job that maintained the token being refreshed.
However, you can use the xml-rpc with just an api token that you can find in your app. (admin->settings, click on application and then scroll all the way down). Be informed before switching though, because the RPC and the REST implementations do not share all of the same functionality and their implementations are different, which means you’d have to change code to use it…so be sure that it will in fact work for your needs before doing so.
@Stefano_Bertoli, you should only need to Authorize once. From that point on you store the Access Token and Refresh Token and use the Access Token until it expires (the returned values also include a timestamp you should store and compare to)
When it expires (or before, if you want to avoid making the extra call in the middle of an interaction), you call the /token endpoint and provide your stored Refresh Token, which provides a new Access Token and Refresh Token, which you replace your stored values with.
Since Refresh Tokens have a lifetime of 45 days, as long as you use them within that period you should never need to reauthorize again.